When an admin resets a password the current password is not stored in the password history. This incorrectly allows the user to reuse the previous password after the reset.
attachment 0001-Ticket-48813-password-history-is-not-updated-when-an.patch
Your fix looks good to me.
Actually, this is not new but rather it's been there for ages; it makes me wonder if simultaneous password updates happens against one user, the slapi entry is protected properly? Like several admin's and the user him/herself try to update the password at one time? :) Could you try that on your local build? If there is no problem, you already have my ack.
Replying to [comment:3 nhosoi]:
Your fix looks good to me. Actually, this is not new but rather it's been there for ages; it makes me wonder if simultaneous password updates happens against one user, the slapi entry is protected properly? Like several admin's and the user him/herself try to update the password at one time? :) Could you try that on your local build? If there is no problem, you already have my ack.
Well I ran some concurrent userpassword updates under valgrind and I did not see any errors or leaks. Anything else you would like me to try?
Nope, I'm happy with the results. Thanks for running the extra tests!
09180b2..9c310b0 master -> master commit 9c310b0 Author: Mark Reynolds mreynolds@redhat.com Date: Tue May 3 09:57:36 2016 -0400
a8486ab..492a1d8 389-ds-base-1.3.4 -> 389-ds-base-1.3.4 commit 492a1d8
766bcd1..42ba838 389-ds-base-1.3.3 -> 389-ds-base-1.3.3 commit 42ba838
8817a13..b357e44 389-ds-base-1.3.2 -> 389-ds-base-1.3.2 commit b357e44
ba0358b..1a62647 389-ds-base-1.3.1 -> 389-ds-base-1.3.1 commit 1a62647ea58111875959bd0be2bc60afd8cffc64
e51b423..0a50470 389-ds-base-1.2.11 -> 389-ds-base-1.2.11 commit 0a50470
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332709
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332710
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.33
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1873
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.