I think what you want to do to get the passwordhistory attribute is
something like the below command as I think they are considered
operational attributes.
ldapsearch -H
-x -s base -b "" +
# note the + returns operational attributes
Hope that helps on one part of your question.
On 10/26/2011 10:27 AM, Mazier Alexandre wrote:
[Apologize for my English]
Hello
I’m trying to set up a password policy for my users. Especially, I set a
password history value of 6.
In case of a password recovery process, I want to give to the
administrator to restore the password to a default value which is
equally the value used for the account creation. The problem at this
time is obvious: the password change is refused since the default
password is already in the history. Is there any way to force the
password restauration?
Furthermore, I have some questions with about the way password history
is working.
I can see through 389-console that users have a multi-valued attributes
passwordhistory. However I’m unable to get it with a command line
ldapsearch request. How can I obtain this password history list?
Maybe for the same reason, if I delete the passwordhistory attribute and
try to restore the password to its initial value, I always obtain an
exception due to the presence of the password in the history.
Those points are not clearly referenced in the documentation. Thanks a
lot for your help.
Regards,
*Alexandre MAZIER*
Intervenant
GIP CPAGE
Parc Technologique de la Toison d'Or
19 rue Louis de Broglie BP 56507
21065 DIJON Cedex
Tél : 03 80 28 46 46
Fax : 03 80 28 46 01
Mailto:Alexandre.Mazier@cpage.fr <mailto:Alexandre.Mazier@cpage.fr>
P Avant d'imprimer cet e-mail, si nous réfléchissions à l'impact sur
l'environnement ?
Les données et renseignements contenus dans ce message sont personnels,
confidentiels et secrets. Si vous n'êtes pas destinataire de ce message,
merci de le détruire immédiatement et d'avertir l'expéditeur. Le GIP
CPAGE décline toute responsabilité au titre de ce message s'il a été
altéré, déformé ou falsifié.
The information contained in this message is privileged, confidential,
and protected from disclosure. If you are not intended addressee of this
message, please cancel it immediately and inform the sender. GIP CPAGE
shall not be liable for the message if altered, changed or falsified.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users