The Samba-Bugzilla – Bug 4485
ldapsam is limited to 15 password history entries
Last modified: 2007-04-04 05:10:20 UTC
+++ This bug was initially created as a clone of Bug #1914 +++
> due to it's current implementation (and pstring limitation), ldapsam does not
> handle more then 15 password history entries. (tdbsam and NT do).
> Any "password history"-account policy larger then 15 is silently reduced to 15.
still same problem in 3.0.23a.
All ok if "password history" is less of 15 ,if grater the ldap attribute is deleted and only the last password is inserted (followed by "\0" ).
The size of attribute sambaPasswordHistory (hash + salt + 0s) is alwais 896 chars,in which only 14 passwords can remain :
32 byte of hash + 32 byte of salt * 14
any ideas ?