Issue #2443: Password expiration policies are not being enforced by SSSD - sssd

SSSD / sssd

#2443 Password expiration policies are not being enforced by SSSD

Closed: Fixed None Opened 9 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1141814

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Password expiration policies are not being enforced by SSSD when there are
multiple password related controls.

Version-Release number of selected component (if applicable):
sssd-1.11.6-12

How reproducible:
Always in customer environment.

Actual results:
User is not forced to change the password.

Expected results:
User should be forced to change the password.

Additional info:

SSSD Debug logs

(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password Policy Response: expire [0] grace [-1] error [Password must be
changed].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password was reset. User must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [2.16.840.1.113730.3.4.4].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password expired user must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [2.16.840.1.113730.3.4.5].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password will expire in [0] seconds.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind
result: Success(0), no errmsg set
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000):
Found ppolicy data, assuming LDAP password policies are active.

jhrozek commented 9 years ago

The patch was acked on the devel list.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
patch: 0 => 1
review: True => 0
selected: =>
testsupdated: => 0

jhrozek commented 9 years ago

master: 6a3ec7b

I'll leave the ticket open till the triage.

jhrozek commented 9 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.2

jhrozek commented 9 years ago

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.2

7 years ago

pbrezina commented 4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3485

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

jhrozek

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.12.2

type

defect

component

SSSD

version

None

selected

None

testsupdated

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1141814

design_review

review

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2443 Password expiration policies are not being enforced by SSSD Closed: Fixed None Opened 9 years ago by jhrozek.

Metadata

#2443 Password expiration policies are not being enforced by SSSD

Closed: Fixed None Opened 9 years ago by jhrozek.