Bug 4485 - ldapsam is limited to 15 password history entries
Summary: ldapsam is limited to 15 password history entries
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.11
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-04 05:10 UTC by Stefano Zanarini
Modified: 2007-04-04 05:10 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefano Zanarini 2007-04-04 05:10:20 UTC
+++ This bug was initially created as a clone of Bug #1914 +++

> due to it's current implementation (and pstring limitation), ldapsam does not
> handle more then 15 password history entries. (tdbsam and NT do). 

> Any "password history"-account policy larger then 15 is silently reduced to 15.

still same problem in 3.0.23a.
All ok if "password history" is less of 15 ,if grater the ldap attribute is deleted and only the last password is inserted (followed by "\0" ).

The size of attribute sambaPasswordHistory (hash + salt + 0s) is alwais 896 chars,in which only 14 passwords can remain :

32 byte of hash + 32 byte of salt * 14  

any ideas ?