Bug 4485 - ldapsam is limited to 15 password history entries
ldapsam is limited to 15 password history entries
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.11
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-04 05:10 UTC by Stefano Zanarini
Modified: 2007-04-04 05:10 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefano Zanarini 2007-04-04 05:10:20 UTC
+++ This bug was initially created as a clone of Bug #1914 +++

> due to it's current implementation (and pstring limitation), ldapsam does not
> handle more then 15 password history entries. (tdbsam and NT do). 

> Any "password history"-account policy larger then 15 is silently reduced to 15.

still same problem in 3.0.23a.
All ok if "password history" is less of 15 ,if grater the ldap attribute is deleted and only the last password is inserted (followed by "\0" ).

The size of attribute sambaPasswordHistory (hash + salt + 0s) is alwais 896 chars,in which only 14 passwords can remain :

32 byte of hash + 32 byte of salt * 14  

any ideas ?