Bug 703316 - Fine Grained Password policy: number of passwordInHistory is one less.
Status: CLOSED NOTABUG
Product: 389
Classification: Community
Component: Security - Password Policy
Version: 1.2.8
Assigned To: Noriko Hosoi
Chandrasekar Kannan
Blocks: 512820
Reported: 2011-05-09 20:06 EDT by Noriko Hosoi
Modified: 2015-01-04 18:48 EST
Doc Type: Bug Fix
Last Closed: 2011-05-31 16:48:58 EDT
Description Noriko Hosoi 2011-05-09 20:06:48 EDT
Description of problem:

Steps:
passwordInHistory: 3

Original password is testpassword --> passwd-001
$ ldapmodify -x -h localhost -p 389 -D 'uid=nd,ou=People,dc=example,dc=com' -w testpassword
dn: uid=nd, ou=People, dc=example, dc=com
changetype: modify
replace: userPassword
userPassword: passwd-001

Repeat this as follows:
passwd-001 --> passwd-002
passwd-002 --> passwd-003

$ ldapmodify -x -h localhost -p 389 -D 'uid=nd,ou=People,dc=example,dc=com' -w passwd-003
dn: uid=nd, ou=People, dc=example, dc=com
changetype: modify
replace: userPassword
userPassword: testpassword

modifying entry "uid=nd, ou=People, dc=example, dc=com"
ldap_modify: Constraint violation (19)
	additional info: password in history

Change password one more time.
$ ldapmodify -x -h localhost -p 389 -D 'uid=nd,ou=People,dc=example,dc=com' -w passwd-003
dn: uid=nd, ou=People, dc=example, dc=com
changetype: modify
replace: userPassword
userPassword: passwd-004

Then, try the original password.  It works.
$ ldapmodify -x -h localhost -p 389 -D 'uid=nd,ou=People,dc=example,dc=com' -w passwd-004
dn: uid=nd, ou=People, dc=example, dc=com
changetype: modify
replace: userPassword
userPassword: testpassword

modifying entry "uid=nd, ou=People, dc=example, dc=com"

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/Core_Server_Configuration_Reference.html#cnconfig-passwordInHistory_Number_of_Passwords_to_Remember
3.1.1.127. passwordInHistory (Number of Passwords to Remember)
Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in history cannot be reused by users.
Comment 4 Noriko Hosoi 2011-05-31 16:48:58 EDT
It turned out DS is behaving correctly.  Closing as NOTABUG.
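
Added example (not part of the original report and not 389 Directory Server code): a small model that replays the password changes from the description. It assumes the server keeps the last passwordInHistory previous passwords, evicts the oldest first, and rejects a new value that matches the current password or any kept one; the class and function names are hypothetical.

```python
from collections import deque


class HistoryPolicy:
    """Model of a password-history check (an assumption, see lead-in).

    Plaintext strings stand in for whatever form the server stores.
    """

    def __init__(self, current, in_history):
        self.current = current
        # Bounded FIFO: appending to a full deque drops the oldest entry.
        self.history = deque(maxlen=in_history)

    def change(self, new):
        """Return True if the change is accepted, False if it is refused."""
        if new == self.current or new in self.history:
            return False  # corresponds to "Constraint violation (19)"
        self.history.append(self.current)
        self.current = new
        return True


def replay(in_history=3):
    """Replay the sequence from the bug description (constructed input)."""
    policy = HistoryPolicy("testpassword", in_history)
    attempts = [
        "passwd-001",
        "passwd-002",
        "passwd-003",
        "testpassword",  # still among the 3 remembered values: refused
        "passwd-004",    # accepted; pushes testpassword out of history
        "testpassword",  # no longer remembered: accepted
    ]
    results = [(pw, policy.change(pw)) for pw in attempts]
    return results, list(policy.history)


if __name__ == "__main__":
    results, history = replay()
    for pw, ok in results:
        print(f"{pw:13} {'accepted' if ok else 'refused: password in history'}")
    print("history now:", history)
```

Under this model, the results match the transcript: the original password is refused while it is one of the three remembered values and accepted once a fourth change has evicted it.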
