On 29/10/2015 11:18, Bogdan Rudas wrote:
Hello all,
I'm working on a Self-service application and want to prevent users from
re-using old passwords. What is the correct way to change a password, keeping
password history in mind?
I guess it is:
1. Bind with special user and check if specified uid exists
2. Bind using user-supplied uid and password
3. Get password policy, history etc. and validate on selfservice-side
4. Execute LDAP modifyRequest with single item: userPassword and value
of new hashed password.
In my case the same password gives the same hash. Is there any way to force
encrypted password history validation on the server side?
Hi,
just for information, if you are looking for a self service application,
you can check
http://ltb-project.org/wiki/documentation/self-service-password/latest/start
But as it is written in PHP, it does not use the ppolicy control (not
yet implemented in PHP-LDAP API).
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux