Cannot reuse same password "N" times - Password History

[kaylin4u]

I know the routine is set up to not use the old password, but you can reuse a password if you've already changed it to something else then go back and set it to the password you just had two times ago. Is there a way you can set this up to not reuse the same password based on history? Maybe the last 5 or last 8? This is getting to be a big audit issue for some companies. We already have a policy set up on a script, just wondering if you can add this to self-service-password.

[coudot]

The password history is managed by the LDAP server (OpenLDAP, AD, ...) you should configure the correct policy for it.

What is your LDAP server?

[kaylin4u]

We set up this policy. Just when we attempted to set the password to one that was used before, it still changed it. Here's where we changed our policy:

dn: cn=passwordDefault,ou=Policies,dc=somecompany,dc=com
changeType: modify
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: passwordDefault
sn: passwordDefault
pwdAttribute: userPassword
pwdCheckQuality: 0
pwdMinAge: 0
pwdMaxAge: 7776000
pwdMinLength: 12
pwdInHistory: 4
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdLockout: TRUE
pwdLockoutDuration: 60
pwdAllowUserChange: TRUE
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 0
pwdMustChange: FALSE
pwdSafeModify: FALSE

We set it in "pwdInHistory: 4"

[coudot]

So you are using OpenLDAP. If you use the rootdn as SSP service account, then the OpenLDAP password policy is bypassed. Use a service account.