We have passwordHistory enabled on our directory. When a user tries to change his own password to a value already in his personal password history, it prevents him from (re)setting that same password, which is desired. However, I'm working on a password synchronization service that will always need to be able to set the users password to a newly specified value, even if that value is already in the history. If this service is binding with an admin-level account, then I'd expect it to be able to do so, but instead it's also prevented from setting the password if it's already in the history. Even if I bind with 'cn=directory manager' (which I would think should be able to do anything it wants), I cannot set the password of it already exists in the history. Is there any particular trick to making this work? I'm hoping there's an ACI I set set for this, or (probably less likely) an option somewhere that I need to toggle. Or is this just a bug I'm encountering? Other directory products I'm familiar with (including Active Directory, for example) do allow administrators to override password history if needed when resetting passwords, so I'd expect that to be the case here as well. Thanks. Any suggestions would be most appreciated. -- Jared -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
