On 09/23/2013 11:38 AM, Jared wrote:
> We have passwordHistory enabled on our directory. When a user tries
> to change his own password to a value already in his personal password
> history, it prevents him from (re)setting that same password, which is
> However, I'm working on a password synchronization service that will
> always need to be able to set the user's password to a newly specified
> value, even if that value is already in the history. If this service is
> binding with an admin-level account, then I'd expect it to be able to do
> so, but instead it's also prevented from setting the password if it's
> already in the history. Even if I bind with 'cn=directory manager'
> (which I would think should be able to do anything it wants), I cannot
> set the password if it already exists in the history.
> Is there any particular trick to making this work?

There is a new feature in 1.3.1 called "Password Administrators", but
this type of account cannot do this either (yet). Can you please file an
RFE at https://fedorahosted.org/389/newticket

> I'm hoping there's
> an ACI I can set for this, or (probably less likely) an option somewhere
> that I need to toggle. Or is this just a bug I'm encountering? Other
> directory products I'm familiar with (including Active Directory, for
> example) do allow administrators to override password history if needed
> when resetting passwords, so I'd expect that to be the case here as well.
> Thanks. Any suggestions would be most appreciated.

389 Development Team
Red Hat, Inc