https://bugzilla.redhat.com/show_bug.cgi?id=190862
When using a global password policy for syntax checking, there are some default settings that will be used (such as a minimum length of 8) if the config attributes don't exist in cn=config. This doesn't seem to work with the fine-grained policies. Here are some steps to reproduce the problem: 1. - Enable global syntax checking, setting the minLength to 6. 2. - Enable fine-grained password policies. 3. - Create a subtree-level policy on "ou=People", enabling syntax checking with the default values (minLength will be displayed as 8 in Console). 4. - Attempt to change a password of a user outside of "ou=People" with a password of 5 characters long. This should be rejected with an err=19. 5. - Try step 4 again, but with a password length of 6 characters. This should work. 6. - Try step 4 again, but with a user inside of "ou=People". This should fail with an err=19, but it will succeed! To work around the problem, you can add the password syntax attributes to the fine-grained policy entry explicitly. This can be done via the Console UI by setting each of the syntax settings to a non-default value, saving it, then setting them to what you want (even if you want the defaults) and saving again.
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
git patch file (master) 0001-Ticket-142-RFE-Default-password-syntax-settings-don-.patch
git patch file (master) -- CI test 0002-Ticket-142-CI-test-added-test-cases-for-ticket-142.patch
Built and tested, looks good to me.
Reviewed by William (Thank you!!)
Pushed to master: f132cf4..f5b9053 master -> master commit af1fc5e commit 1c3fa84
attachment 0001-Ticket-142-Refactor-and-move-CI-test.patch
Replying to [comment:10 spichugi]:
Looks good, ack
To ssh://git.fedorahosted.org/git/389/ds.git
Pushed to master: a2d97e0..73d74f5 master -> master commit 73d74f5 Author: Simon Pichugin spichugi@redhat.com Date: Wed Aug 31 17:02:40 2016 +0200
Metadata Update from @spichugi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.5.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/142
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.