Currently we cannot store more then 15 password history entries (windows
NT4 allows to store 24) in ldapsam. When choosing more then "15" with
pdbedit -P "password history", we fail to initialize the password
history upon password change and overwrite the history, effectively
using a password history of "1". We do already decrease any
history-policy larger then 15 to 15 while storing the password history
list attribute in ldap.
Guenther
(This used to be commit
a4b47e71475a06c2e2287613b00648c5f53ae52c)
uint8 *pwhist = NULL;
int i;
+ /* We can only store (sizeof(pstring)-1)/64 password history entries. */
+ pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+
if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
return False;