On 02/26/2017 10:57 AM, tuan88@xxxxxxxxx wrote: > Hi > with the new 1.2.2-1 389* the user can resure the same password Again & Again, the passwordhistory stop to Work and not showing anymore. passwordHistory is not set in your policy config, thus it is not being enforced: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/User_Account_Management.html#Managing_the_Password_Policy-Configuring_a_Local_Password_Policy > see my test below. It is the first time i get this kind of issue > > [root@centos6 ~]# rpm -qa|grep 389 > 389-console-1.1.7-1.el6.noarch > 389-adminutil-1.1.19-1.el6.x86_64 > 389-ds-console-1.2.6-1.el6.noarch > 389-ds-1.2.2-1.el6.noarch > 389-ds-base-libs-1.2.11.15-85.el6_8.x86_64 > 389-admin-1.1.35-1.el6.x86_64 > 389-admin-console-1.1.8-1.el6.noarch > 389-ds-base-1.2.11.15-85.el6_8.x86_64 > > > [root@centos6 scripts]# cat test_passwd_history.ksh > #!/bin/ksh > #Ldap test passwd if it is expired or not - tng 20170226 > ldapsearch -xLLL -ZZ -b dc=nnit '(&(uid=tnng))' passwordRetryCount passwordExpWarned accountUnlockTime passwordExpirationTime passwordHistory createtimestamp modifytimestamp retryCountResetTime passwordAllowChangeTime nsRoleDN > ldappasswd -s 123 -w 12345678 -x -ZZ -D cn='directory manager' cn='Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit' > > [root@centos6 scripts]# ./test_passwd_history.ksh > dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit > passwordExpWarned: 0 > passwordExpirationTime: 19700101000000Z > createtimestamp: 20170114110541Z > modifytimestamp: 20170226085143Z > [root@centos6 scripts]# ./test_passwd_history.ksh > dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit > passwordExpWarned: 0 > passwordExpirationTime: 19700101000000Z > createtimestamp: 20170114110541Z > modifytimestamp: 20170226091223Z > [root@centos6 scripts]# ./test_passwd_history.ksh > dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit > passwordExpWarned: 0 > passwordExpirationTime: 19700101000000Z > createtimestamp: 20170114110541Z > modifytimestamp: 20170226091224Z > [root@centos6 scripts]# > > policy > [root@centos6 scripts]# ldapsearch -xLLL -ZZ -b cn='cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyContainer,ou=Infrastructure,dc=nnit' -s base '(&(objectclass=passwordpolicy))' > dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyCon > tainer,ou=Infrastructure,dc=nnit > passwordStorageScheme: ssha > passwordGraceLimit: 1 > passwordChange: on > passwordWarning: 86400 > passwordMinAge: 0 > passwordExp: on > passwordMustChange: on > passwordMaxAge: 86400 > objectClass: ldapsubentry > objectClass: passwordpolicy > objectClass: top > cn: cn=nsPwPolicyEntry,ou=Infrastructure,dc=nnit > > Policy settings from GUI: > www.chezmoi.dk/389-passwd-not-expire.png > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
