Hugo Etievant wrote: > Hi, > > I have setted a password policy with password history. > > When i use ldappasswd for change password, this tool says me > "Constraint violation" but that do not mean the real raison of failure. > > =>>> How can we verify if a password is in the history list ??? If you display the extended information sent back in the LDAP error return, you should see a message like this "password in history" > > my follwing command is not successful : > ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x > -w - "(passwordHistory=OLDPASSWD)" dn passwordHistory stores hashed passwords so this ldapsearch won't work I suppose you could use ldapsearch to get the passwordHistory list, then write a script to use the pwdhash command to hash and compare a given password with the passwords in the list. > > > regards > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090316/53c37553/attachment.bin
