You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just wanted to put this out there, as I've seen password history mentioned in previous issues, and in case the maintainers have any interset in making this an official feature.
I recently upgraded from v1.6.1 to v1.7.0 and it seems that the implementation to honor password history in an Active directory context hasn't been added in this version.
I have tested to set the same "Old" and "New" password in the main form, and it is blocking since the password is the same.
I then tried to update my password, store it as the N -1 password, and then update back my password to set the N -1 password. Our Active Directory policy is to not reuse the last 12 previous password. It should be blocked by the tool, but renew has been possible with my N -1 password.
Do you have any idea of when it will be implemented ?
As I can see, scope of this issue is currently 1.7.0, and the following issue is now closed : ltb-project/ltb-common#16.
I just wanted to put this out there, as I've seen password history mentioned in previous issues, and in case the maintainers have any interset in making this an official feature.
In Self Service Password v1.5 and below, I was able to replace this (https://github.com/ltb-project/self-service-password/blob/1.5/lib/functions.inc.php#L523-L527):
with this:
which would allow me to use
$who_change_password = "manager";
while still enforcing Active Directory's password history restrictions.In SSP v1.6, the password change code has been moved into https://github.com/ltb-project/ltb-ldap, so replacing this (https://github.com/ltb-project/ltb-ldap/blob/main/src/Ltb/Ldap.php#L349-L354):
with this:
now seems to accomplish the same thing.
The text was updated successfully, but these errors were encountered: