IBM Verify

 Password Policy for LDAP

Ilona Truba posted Mon March 03, 2025 04:14 AM

Hey everyone,

In the SDS, I’m trying to set up a password policy where users can't reuse their last 5 passwords when they change it. Here’s what I’ve done so far:

  1. Created a new group (Last5NotAllowedPwdPolicyGroup) with a test user as a member.
  2. Created a pwdPolicy “Last5NotAllowed” with pwdInHistory = 5 and pwdCheckSyntax = 1 and passwordMinDiffChars = 1 according to the documentation.
  3. Uploaded the mypolicy.ldif file via "Custom File Management" and ran it from the SDS console client_tools to attach the pwdPolicy to the group:

     dn: Last5NotAllowedPwdPolicyGroup
     changetype: modify
     add: ibm-pwdGroupPolicyDN
     ibm-pwdGroupPolicyDN: cn=Last5NotAllowed,cn=ibmpolicies

The file ran without errors, and I got this message: Operation 0 modifying entry Last5NotAllowedPwdPolicyGroup

However, the policy isn’t working as expected. The test user isn’t affected and can still change their password without any issue regarding the last 5 passwords.

I also enabled enhanced-pwd-policy = yes within the [LDAP]-stanza in the ldap.conf of the ISVA runtime.

I also tried just setting the pwdInHistory attribute and leaving the others on the default value.

We are using hashed passwords, so I am unsure about the correct usage of the passwordMinDiffChars attribute.

Any idea what I might have missed or what else I should check?

Thanks a lot for any help!

Eamonn O'Mahony

Hi Ilona,

Are you planning to use this as a group-specific policy or for all users (global policy)?

There are settings to be set depending on your approach.

Group settings: https://www.ibm.com/docs/en/svd/10.0.1?topic=settings-group-password-policy

Global settings: https://www.ibm.com/docs/en/svd/10.0.3?topic=settings-global-password-policy

Best

Ramamohan Reddy

Hi,

Check if ibm-pwdPolicy is set to true on both the global and the group/individual password policies.
Also, you need to try setting pwdCheckSyntax to 2 to enforce strict checking of the password syntax.
Refer to https://www.ibm.com/docs/en/svd/10.0.3?topic=gpps-enhanced-password-policy-behavior-one-way-encryption-method
You can always open a case with IBM support so that the info can be reviewed and a timely answer is provided by a support engineer.

Thanks,
Ram.
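The replies above boil down to a short checklist: the global policy must be switched on, group/individual policies must be enabled globally, the group policy itself must be switched on, and the group entry must point at that policy. The following script is an added example written for this thread, not code from the original posters or from IBM. It parses a constructed ldapsearch-style LDIF dump (embedded inline) and walks that chain, reporting whatever is missing. The attribute names ibm-pwdPolicy, ibm-pwdGroupAndIndividualEnabled, pwdInHistory and ibm-pwdGroupPolicyDN and the global policy DN cn=pwdpolicy,cn=ibmpolicies are standard SDS names; the suffix o=example, the test user DN and the deliberately incomplete group policy in the sample are assumptions made for the example, not values taken from the thread.

```python
"""Checklist for an IBM SDS group password policy (added example).

Parses a constructed LDIF dump and checks the chain that the replies in the
thread point at. Run it as-is to see the finding the sample is built to
trigger; point parse_ldif() at a real `ldapsearch -L` export to check your
own directory. DNs under o=example are assumptions, not thread values.
"""
from collections import defaultdict

# Constructed sample in the shape of `ldapsearch -L` output. The group
# policy deliberately lacks `ibm-pwdPolicy: true`, one plausible reason a
# policy attached to a group has no effect; the check below reports it.
SAMPLE_LDIF = """\
dn: cn=pwdpolicy,cn=ibmpolicies
objectclass: pwdPolicy
objectclass: ibm-pwdPolicyExt
pwdAttribute: userPassword
ibm-pwdPolicy: true
ibm-pwdGroupAndIndividualEnabled: true

dn: cn=Last5NotAllowed,cn=ibmpolicies
objectclass: pwdPolicy
objectclass: ibm-pwdPolicyExt
pwdAttribute: userPassword
pwdInHistory: 5
pwdCheckSyntax: 2

dn: cn=Last5NotAllowedPwdPolicyGroup,o=example
objectclass: groupOfNames
member: uid=testuser,o=example
ibm-pwdGroupPolicyDN: cn=Last5NotAllowed,cn=ibmpolicies
"""

GLOBAL_POLICY_DN = "cn=pwdpolicy,cn=ibmpolicies"


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one attribute
    per line, continuation lines start with a space. Returns
    {dn: {attr: [values]}} with DNs and attribute names lowercased so
    lookups are case-insensitive, as LDAP itself is."""
    entries = {}
    current = None
    last_attr = None
    for raw in text.splitlines():
        if not raw.strip():
            current = None
            continue
        if raw.startswith(" ") and current is not None and last_attr:
            current[last_attr][-1] += raw[1:]   # folded continuation line
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip().lower()
        value = value.strip()
        if attr == "dn":
            current = defaultdict(list)
            entries[value.lower()] = current
            last_attr = None
            continue
        if current is None:
            continue                             # attribute before any dn: skip
        current[attr].append(value)
        last_attr = attr
    return entries


def first(entry, attr, default=None):
    """First value of an attribute, or default if absent."""
    vals = entry.get(attr.lower())
    return vals[0] if vals else default


def is_true(entry, attr):
    return first(entry, attr, "false").lower() == "true"


def check_group_policy(entries, group_dn, min_history):
    """Return a list of findings; an empty list means the chain looks right."""
    findings = []
    glob = entries.get(GLOBAL_POLICY_DN)
    if glob is None:
        return [f"global policy {GLOBAL_POLICY_DN} not found"]
    if not is_true(glob, "ibm-pwdPolicy"):
        findings.append("global policy: ibm-pwdPolicy is not true (policy evaluation is off)")
    if not is_true(glob, "ibm-pwdGroupAndIndividualEnabled"):
        findings.append("global policy: ibm-pwdGroupAndIndividualEnabled is not true "
                        "(group and individual policies are ignored)")

    group = entries.get(group_dn.lower())
    if group is None:
        return findings + [f"group {group_dn} not found"]
    policy_dn = first(group, "ibm-pwdGroupPolicyDN")
    if policy_dn is None:
        return findings + [f"group {group_dn}: no ibm-pwdGroupPolicyDN attached"]
    policy = entries.get(policy_dn.lower())
    if policy is None:
        return findings + [f"group policy {policy_dn} is referenced but does not exist"]
    if not is_true(policy, "ibm-pwdPolicy"):
        findings.append(f"group policy {policy_dn}: ibm-pwdPolicy is not true")
    history = int(first(policy, "pwdInHistory", "0"))
    if history < min_history:
        findings.append(f"group policy {policy_dn}: pwdInHistory is {history}, "
                        f"wanted at least {min_history}")
    return findings


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for finding in check_group_policy(entries, "cn=Last5NotAllowedPwdPolicyGroup,o=example", 5):
        print("FINDING:", finding)
```

Because the check reads an export rather than querying the server, it can be run against a dump taken by an administrator with read access to cn=ibmpolicies, which ordinary binds usually cannot see; that is also why a policy that "ran without errors" can still be silently inactive until each of these switches is confirmed.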