Whatever is the password policy (local or default), when updating the "userpassword" the password policy attribute "passwordgraceusertime" is reset to 0. In some cases it is useless (if the value was already 0). In addition in a customer case where password policy is default, retroCL records this unexpected update.
Test case: Create an instance and a test entry with a password
ldapsearch -LLL -h localhost -p 2011 -D "cn=directory manager" -w Secret123 -b "dc=com" uid=xxx passwordgraceusertime dn: uid=xxx,dc=com passwordgraceusertime: 0 ldapmodify -h localhost -p 2011 -D "cn=directory manager" -w Secret123 dn: uid=xxx,dc=com changetype: modify replace: userpassword userpassword: secret12 (gdb) break pw_apply_mods (gdb) c (gdb) where #0 pw_apply_mods (sdn=0x7f50cc000d70, mods=0x7f50eb7f9690) at ldap/servers/slapd/pw_retry.c:263 #1 0x00007f5108e2b3ff in update_pw_info (pb=0x7f50eb7fdaa0, old_pw=0x0) at ldap/servers/slapd/pw.c:686 #2 0x00007f5108e0c918 in op_shared_modify (pb=0x7f50eb7fdaa0, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1091 #3 0x00007f5108e0b084 in do_modify (pb=0x7f50eb7fdaa0) at ldap/servers/slapd/modify.c:415 #4 0x0000000000414d86 in connection_dispatch_operation (conn=0x7f5100330e10, op=0x12021d0, pb=0x7f50eb7fdaa0) at ldap/servers/slapd/connection.c:652 #5 0x00000000004169ab in connection_threadmain () at ldap/servers/slapd/connection.c:2479 #6 0x0000003426428afd in _pt_root (arg=0x1216d30) at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:191 #7 0x00000035d7007d14 in start_thread (arg=0x7f50eb7fe700) at pthread_create.c:309 #8 0x00000035d6cf168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 (gdb) break ldbm_back_modify (gdb) c (gdb) where #0 ldbm_back_modify (pb=0x7f50eb7f9390) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:541 #1 0x00007f5108e0c871 in op_shared_modify (pb=0x7f50eb7f9390, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1075 #2 0x00007f5108e0b643 in modify_internal_pb (pb=0x7f50eb7f9390) at ldap/servers/slapd/modify.c:627 #3 0x00007f5108e0b220 in slapi_modify_internal_pb (pb=0x7f50eb7f9390) at ldap/servers/slapd/modify.c:482 #4 0x00007f5108e3000b in pw_apply_mods (sdn=0x7f50cc00e810, mods=0x7f50eb7f9690) at ldap/servers/slapd/pw_retry.c:274 #5 0x00007f5108e2b3ff in update_pw_info (pb=0x7f50eb7fdaa0, old_pw=0x0) at ldap/servers/slapd/pw.c:686 #6 0x00007f5108e0c918 in op_shared_modify (pb=0x7f50eb7fdaa0, pw_change=1, old_pw=0x0) at ldap/servers/slapd/modify.c:1091 #7 0x00007f5108e0b084 in do_modify (pb=0x7f50eb7fdaa0) at ldap/servers/slapd/modify.c:415 #8 0x0000000000414d86 in connection_dispatch_operation (conn=0x7f5100330e10, op=0x12021d0, pb=0x7f50eb7fdaa0) at ldap/servers/slapd/connection.c:652 #9 0x00000000004169ab in connection_threadmain () at ldap/servers/slapd/connection.c:2479 #10 0x0000003426428afd in _pt_root (arg=0x1216d30) at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:191 #11 0x00000035d7007d14 in start_thread (arg=0x7f50eb7fe700) at pthread_create.c:309 #12 0x00000035d6cf168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 ... (gdb) 541 if (modify_apply_check_expand(pb, operation, mods, e, ec, &postentry, (gdb) print mods[0]->mod_type $2 = 0x7f50cc007890 "passwordgraceusertime" (gdb) print mods[0]->mod_vals->modv_bvals->bv_len $6 = 1 (gdb) print mods[0]->mod_vals->modv_bvals->bv_val $7 = 0x7f50cc0077b0 "0"
attachment 0001-Ticket-47371-Some-updates-of-passwordgraceusertime-a.patch
git merge ticket47371 Updating 56441c3..5bbd365 Fast-forward ldap/servers/slapd/pw.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-)
git push origin master Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (6/6), 846 bytes, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 56441c3..5bbd365 master -> master
commit 5bbd365 Author: Mark Reynolds mreynolds@redhat.com Date: Wed Aug 28 16:30:26 2013 -0400
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1044157
Metadata Update from @nkinder: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.2 - 09/13 (September)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/708
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.