#47406 Password change rejected
Closed: wontfix None Opened 10 years ago by akrivoka.

Using the latest version of 389 packages in Fedora 19:

[akrivoka@vm-061 ~]$ rpm -qa | grep 389
389-ds-base-libs-1.3.1.2-1.fc19.x86_64
389-ds-base-1.3.1.2-1.fc19.x86_64
389-ds-base-devel-1.3.1.2-1.fc19.x86_64

Trying to modify the password as described below, always fails with Constraint violation.

[akrivoka@vm-061 ~]$ cat modify_pwd.txt 
dn: uid=admin,ou=people,o=ipaca
changetype: modify
replace: userpassword
userpassword: NewPassword123!
[akrivoka@vm-061 ~]$ ldapmodify -x -D 'cn=directory manager' -w blablabla -f modify_pwd.txt 
modifying entry "uid=admin,ou=people,o=ipaca"
ldap_modify: Constraint violation (19)
    additional info: Password does not meet the policy requirements

However, it works with this previous koji build of 389 packages:

389-ds-base-devel-1.3.0.5-1.fc19.x86_64
389-ds-base-libs-1.3.0.5-1.fc19.x86_64
389-ds-base-1.3.0.5-1.fc19.x86_64

Is this with plain 389 or with IPA with the ipa pwpolicy plugin?
Do you have any password policy configured?

Replying to [comment:1 rmeggins]:

Is this with plain 389 or with IPA with the ipa pwpolicy plugin?
Do you have any password policy configured?

It is a plain FreeIPA server installation without any custom configuration.
I have attempted the above ldapmodify command right after running ipa-server-install.

Replying to [comment:2 akrivoka]:

Replying to [comment:1 rmeggins]:

Is this with plain 389 or with IPA with the ipa pwpolicy plugin?
Do you have any password policy configured?

It is a plain FreeIPA server installation without any custom configuration.
I have attempted the above ldapmodify command right after running ipa-server-install.

Is it possible it is being rejected by the ipa password plugin?

Did you install IPA with the AD trust feature enabled?

Replying to [comment:4 nkinder]:

Did you install IPA with the AD trust feature enabled?

No, but I can confirm that with the new version of 389 packages (listed below), the password change succeeds.
{{{
389-ds-base-libs-1.3.1.3-1.fc19.x86_64
389-ds-base-devel-1.3.1.3-1.fc19.x86_64
389-ds-base-1.3.1.3-1.fc19.x86_64
}}}

Replying to [comment:5 akrivoka]:

Replying to [comment:4 nkinder]:

Did you install IPA with the AD trust feature enabled?

No, but I can confirm that with the new version of 389 packages (listed below), the password change succeeds.
{{{
389-ds-base-libs-1.3.1.3-1.fc19.x86_64
389-ds-base-devel-1.3.1.3-1.fc19.x86_64
389-ds-base-1.3.1.3-1.fc19.x86_64
}}}

This is very likely the same problem as ticket #47419, which was fixed in 389-ds-base-1.3.1.3-1.fc19. I'm going to go ahead and close this ticket.

Metadata Update from @rmeggins:
- Issue set to the milestone: N/A

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/743

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Duplicate)

3 years ago

Login to comment on this ticket.

Metadata