Description of problem: If we set passwordMinAge to the some appropriate value other then '0', it should not allow a user to change the password within this value of seconds passed from the previous change. Now it allows at all levels (cn=config or subtree/user password policy).
Version-Release number of selected component: 389-ds-base-1.3.5.10-8.el7.x86_64
How reproducible: Always
Steps to Reproduce: 1. Install Directory Server instance 2. Add a user to 'ou=people,dc=example,dc=com' 3. Set up password policy for the user and the subtree 4. Set passwordMinAge on the user pwdPolicy entry to '30' 5. Set passwordMinAge on the subtree pwdPolicy entry to '30' 6. Set passwordMinAge on the cn=config entry to '30' 7. Try to change userPassword binding as the user two times in a row
Actual results: It allows to change the password
Expected results: The user should not be allowed to change the password right after previous change
Additional info: It is a regression, because TET CI test runs show no issue on the 389-ds-base-1.3.4.0 build
git patch file (master) 0001-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
Note: a regression just in the master branch.
attachment 0001-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
Noriko, I've tested your patch with my test case and it has passed. Ack from me too.
Please, review my patch too. :)
Simon, thank you soooo much for finding it out. It was an embarrassing bug... :(
Your test suite covers the pwdpolicy features perfect. Thanks!!
0001-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch​ was reviewed by William and Simon. Thank you, both of you!
Pushed to master: 3a08be3..790e723 master -> master commit 790e723
Thank you too, Noriko!
To ssh://git.fedorahosted.org/git/389/ds.git
Pushed to master: 790e723..6abd5f4 master -> master commit 6abd5f4 Author: Simon Pichugin spichugi@redhat.com Date: Wed Aug 24 10:08:29 2016 +0200
I think I just forgot to close this ticket...
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.5.13
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2026
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.