diff --git a/CHANGES b/CHANGES
index e50a359f5653d391d2f3dc37ab91e3ac06e5d643..f4646ec1bbc7edba5d71cf52840592b02d8fc6ee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ OpenLDAP 2.4.8 Engineering
 	Fixed slapd-ldif delete (ITS#5265)
 	Added slapo-autogroup contrib module (ITS#5145)
 	Added slapo-constraint cross-attribute constraints (ITS#4987)
+	Fixed slapo-ppolicy password checking when no policy required it (ITS#5285)
 	Added slapo-translucent local searching (ITS#5283)
 	Fixed test047 to skip if rwm is not available (ITS#5292)
 	Build Environment
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b7f32c3570d57d2162ee4615d3b0a52f5c891a4e..2610ea5831abf02fcb7ef3a1892452d0ccc688f5 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1771,7 +1771,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		}
 	}
 
-	if (pa) {
+	/* If pwdInHistory is zero, passwords may be reused */
+	if (pa && pp.pwdInHistory > 0) {
 		/*
 		 * Last check - the password history.
 		 */
@@ -1787,8 +1788,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 			goto return_results;
 		}
 	
-		if (pp.pwdInHistory < 1) goto do_modify;
-	
 		/*
 		 * Iterate through the password history, and fail on any
 		 * password matches.