Closed
Issue Description
passwordHistory is not updated when a pre-hashed password is set
Package Version and Platform:
- Package and version: 389-ds-base-1.4.3.37-7.module+el8dsrv+20631+5a3df0a9.x86_64
Steps to Reproduce
- Enable pwdhistory and nsslapd-allow-hashed-passwords
sudo dsconf -D cn=dm -b "dc=example,dc=com" -w password inst01 pwpolicy set --pwdhistory on
sudo dsconf -D cn=dm -b "dc=example,dc=com" -w password inst01 config replace nsslapd-allow-hashed-passwords=on
- Create an ACI to allow users to change their password
ldapmodify -x -D cn=dm -H ldap://localhost:389 -w password << 'EOF'
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="userpassword || passwordHistory")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)
EOF
- Create a hashed password
pwdhash -s PBKDF2_SHA256 supersecretpassword
- Update a user's password as a regular user
ldapmodify -D uid=test_user,ou=people,dc=example,dc=com -H ldap://localhost:389 -w password << 'EOF'
dn: uid=jamie,ou=people,dc=example,dc=com
changetype: modify
replace: userpassword
userpassword: {PBKDF2_SHA256}AAAgADbVmRsA75ralHYSVQ9gE5ZrYifmIztk+8as2HHUPbbNP2kZtT+rXFHVUJ3d3X3uVezNoYQ88Hjj2IXqopu0trckhUg1tspv2+di0I1wGmytJGpLn+/t4GdtHp/FrI/vDZLMKxnc6PlJVkKdHZa3H1ny1dsMlo0gf4y9Mm3hPfM8Mfbf6QH2V/03gCFzjmhJB85xKJpidwGt5CMb0kQ33FtCgrZLKQBQB4K6sQa4WyRevwxZ1u0/FTSTuGjVWUIsP7QE602a9fJtBGW1dXhn92aUP8mRmx+RBOdik+mHvTwa+RTqc8S9PEy5KwCCn3dAJiIkso9EiwI2Mt+it391IxDD3ndK7H9LlwIMqVR3AgVBMKDdH6ibE1oDAsEd5X68fve5FcJtAQJ46dlltHaH3IdmfYqIP+U36UMbX15grifj
EOF
- Display the user's password history
ldapsearch -D "cn=dm" -H ldap://localhost:389 -w password -b "uid=jamie,ou=people,dc=example,dc=com" passwordHistory
Actual results
No password history for user
Expected results
Password change history for user