In the password policy, I have a password generator for the account, and also I set the ds-cfg-password-history-count = 5 to keep five used passwords.
And then I use the ldappasswordmodify command to reset the password of the account without the new password, but relying on the password generator. for example:
./ldappasswordmodify --hostname localhost --port 24389 --bindDN "cn=Root, ou=Accounts, ou=System, dc=test.com" --bindPassword "test,111" --authzID "u:aaa@test"
After this code executed, I can have the new generated password generated, but the problem is, the original password is not put into the password history.