[python-ldap] Password history / password policy

Joey Hendricks joeyhendricks20 at gmail.com
Wed Feb 15 06:19:04 EST 2017


Hi guys,

I'm busy with the python-ldap module and I'm running into a bit of trouble
with my company's password policy.
We don't want a user to be able to reset his password to a password he has
used before. We have set our password policy the following way:

Enforce password history                    : 24 passwords remembered
Maximum password age                        : 42 days
Minimum password age                        : 1 days
Minimum password length                     : 8 characters
Password must meet complexity requirements  : Disabled


I'm using the following Python code to change the password:

    import base64
    import ldap

    # LDAP_IP, BIND_DN, BIND_PASS, CN_NAME and pwd are defined elsewhere
    server = LDAP_IP
    # Turns off server certificate verification for every connection
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    conn = ldap.initialize(server)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
    conn.simple_bind_s(base64.b64decode(BIND_DN), base64.b64decode(BIND_PASS))
    # AD expects the new password in double quotes, encoded as UTF-16LE
    password_value1 = '"{0}\"'.format(pwd).encode("utf-16-le")
    # A single replace of unicodePwd is an administrative password reset
    add_pass = [(ldap.MOD_REPLACE, "UnicodePwd", password_value1)]
    conn.modify_s(CN_NAME, add_pass)
    conn.unbind_s()

Or is there a way that the AD won't change the password if the password has
been used before?

So that I completely obey my password policy.

I hope someone can help me

Kind regards

Joey Hendricks
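
Added example, not part of the original post or of python-ldap: Active Directory treats a single replace of unicodePwd, as in the code above, as an administrative reset that skips the history check, while a delete of the old value plus an add of the new value in one modify is a user change that is checked against history. The code below builds both modify lists and, for resets, attaches the LDAP_SERVER_POLICY_HINTS_OID control (Windows Server 2012 and later) so the reset is checked as well. The function names are hypothetical, and `conn` is assumed to be an already bound python-ldap connection over LDAPS.

```python
# Added example, not from the original post. LDAP modify op codes per RFC 4511
# (same values as ldap.MOD_ADD / ldap.MOD_DELETE / ldap.MOD_REPLACE).
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# LDAP_SERVER_POLICY_HINTS_OID (Windows Server 2012 and later).
POLICY_HINTS_OID = "1.2.840.113556.1.4.2239"
# BER for SEQUENCE { INTEGER 1 }: ask AD to apply password policy to a reset.
POLICY_HINTS_VALUE = bytes([0x30, 0x03, 0x02, 0x01, 0x01])


def encode_unicode_pwd(password):
    """AD expects the password wrapped in double quotes, UTF-16LE encoded."""
    return '"{0}"'.format(password).encode("utf-16-le")


def change_modlist(old_password, new_password):
    """User-style change: delete the old value and add the new one in ONE
    modify. AD checks history and minimum age for this form."""
    return [
        (MOD_DELETE, "unicodePwd", [encode_unicode_pwd(old_password)]),
        (MOD_ADD, "unicodePwd", [encode_unicode_pwd(new_password)]),
    ]


def reset_modlist(new_password):
    """Administrative reset, as in the post: a single replace."""
    return [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(new_password)])]


def reset_honoring_history(conn, user_dn, new_password):
    """Reset with the policy hints control marked critical, so a server that
    does not support it rejects the request instead of ignoring the hint.
    Returns False when AD refuses the password on policy grounds."""
    import ldap  # imported here so the helpers above work without python-ldap
    from ldap.controls import LDAPControl
    hint = LDAPControl(POLICY_HINTS_OID, True,
                       encodedControlValue=POLICY_HINTS_VALUE)
    try:
        conn.modify_ext_s(user_dn, reset_modlist(new_password),
                          serverctrls=[hint])
        return True
    except ldap.CONSTRAINT_VIOLATION:
        # AD answers constraintViolation (19) when the new password breaks
        # policy, which includes a match in the password history.
        return False
```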