Using the latest version of 389 packages in Fedora 19:
[akrivoka@vm-061 ~]$ rpm -qa | grep 389 389-ds-base-libs-1.3.1.2-1.fc19.x86_64 389-ds-base-1.3.1.2-1.fc19.x86_64 389-ds-base-devel-1.3.1.2-1.fc19.x86_64
Trying to modify the password as described below, always fails with Constraint violation.
[akrivoka@vm-061 ~]$ cat modify_pwd.txt dn: uid=admin,ou=people,o=ipaca changetype: modify replace: userpassword userpassword: NewPassword123! [akrivoka@vm-061 ~]$ ldapmodify -x -D 'cn=directory manager' -w blablabla -f modify_pwd.txt modifying entry "uid=admin,ou=people,o=ipaca" ldap_modify: Constraint violation (19) additional info: Password does not meet the policy requirements
However, it works with this previous koji build of 389 packages:
389-ds-base-devel-1.3.0.5-1.fc19.x86_64 389-ds-base-libs-1.3.0.5-1.fc19.x86_64 389-ds-base-1.3.0.5-1.fc19.x86_64
Is this with plain 389 or with IPA with the ipa pwpolicy plugin? Do you have any password policy configured?
Replying to [comment:1 rmeggins]:
It is a plain FreeIPA server installation without any custom configuration. I have attempted the above ldapmodify command right after running ipa-server-install.
ldapmodify
ipa-server-install
Replying to [comment:2 akrivoka]:
Replying to [comment:1 rmeggins]: Is this with plain 389 or with IPA with the ipa pwpolicy plugin? Do you have any password policy configured? It is a plain FreeIPA server installation without any custom configuration. I have attempted the above ldapmodify command right after running ipa-server-install.
Is it possible it is being rejected by the ipa password plugin?
Did you install IPA with the AD trust feature enabled?
Replying to [comment:4 nkinder]:
No, but I can confirm that with the new version of 389 packages (listed below), the password change succeeds. {{{ 389-ds-base-libs-1.3.1.3-1.fc19.x86_64 389-ds-base-devel-1.3.1.3-1.fc19.x86_64 389-ds-base-1.3.1.3-1.fc19.x86_64 }}}
Replying to [comment:5 akrivoka]:
Replying to [comment:4 nkinder]: Did you install IPA with the AD trust feature enabled? No, but I can confirm that with the new version of 389 packages (listed below), the password change succeeds. {{{ 389-ds-base-libs-1.3.1.3-1.fc19.x86_64 389-ds-base-devel-1.3.1.3-1.fc19.x86_64 389-ds-base-1.3.1.3-1.fc19.x86_64 }}}
This is very likely the same problem as ticket #47419, which was fixed in 389-ds-base-1.3.1.3-1.fc19. I'm going to go ahead and close this ticket.
Metadata Update from @rmeggins: - Issue set to the milestone: N/A
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/743
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Duplicate)
Login to comment on this ticket.