Hi, I have setted a password policy with password history. When i use ldappasswd for change password, this tool says me "Constraint violation" but that do not mean the real raison of failure. =>>> How can we verify if a password is in the history list ??? my follwing command is not successful : ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x -w - "(passwordHistory=OLDPASSWD)" dn regards -- * Hugo Étiévant * **
Rich Megginson
2009-Mar-16 17:37 UTC
Re: [Fedora-directory-users] Password History Navigation
Hugo Etievant wrote:> Hi, > > I have setted a password policy with password history. > > When i use ldappasswd for change password, this tool says me > "Constraint violation" but that do not mean the real raison of failure. > > =>>> How can we verify if a password is in the history list ???If you display the extended information sent back in the LDAP error return, you should see a message like this "password in history"> > my follwing command is not successful : > ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x > -w - "(passwordHistory=OLDPASSWD)" dnpasswordHistory stores hashed passwords so this ldapsearch won''t work I suppose you could use ldapsearch to get the passwordHistory list, then write a script to use the pwdhash command to hash and compare a given password with the passwords in the list.> > > regards >