Overview#

PwdInHistory is an AttributeType defined in Draft-behera-ldap-password-policy and used within several LDAP Server Implementations!! Draft-behera-ldap-password-policy If pwdInHistory is present and its value is non-zero, the server checks whether this password exists in the entry's pwdHistory attribute or in the current password attribute. If the password does exist in the pwdHistory attribute or in the current password attribute, the server sends a response message to the client with the resultCode: constraintViolation (19), and includes the passwordPolicyResponse in the controls field of the response message with the error: passwordInHistory (8).

If this attribute is not present, or if the value is 0, used passwords are not stored in the pwdHistory attribute and thus may be reused.

LDAP Attribute Definition#

The PwdInHistory AttributeTypes is defined as:

• OID of 1.3.6.1.4.1.42.2.27.8.1.4
• NAME: PwdInHistory
• DESC:
• Supertype:
• EQUALITY: IntegerMatch
• ORDERING:
• SYNTAX: 1.3.6.1.4.1.1466.115.121.1.27
• SINGLE-VALUE
• USAGE: UserApplications
• Extended Flags:
  • X-ORIGIN: Draft-behera-ldap-password-policy
• Used as MUST in:
• Used as MAY in:

eDirectory PwdInHistory#

PwdInHistory specifies the maximum number of used passwords stored in the nspmPasswordHistory attribute.

If PwdInHistory exists then the values of the nspmPasswordHistoryLimit, the nspmPasswordHistoryExpiration, and the PasswordUniqueRequired are ignored

More Information#

There might be more information for this subject on one of the following:

• 1.3.6.1.4.1.42.2.27.8.1.4
• 2.16.840.1.113719.1.39.43.6.1
• Draft-behera-ldap-password-policy
• NspmPasswordPolicy
• Password History
• PwdPolicy
• SCIM Password Management Extension