Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1141814
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: Password expiration policies are not being enforced by SSSD when there are multiple password related controls. Version-Release number of selected component (if applicable): sssd-1.11.6-12 How reproducible: Always in customer environment. Actual results: User is not forced to change the password. Expected results: User should be forced to change the password. Additional info: SSSD Debug logs (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [0] grace [-1] error [Password must be changed]. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password was reset. User must set a new password. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.4]. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password expired user must set a new password. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5]. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [0] seconds. (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set (Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active.
The patch was acked on the devel list.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => owner: somebody => jhrozek patch: 0 => 1 review: True => 0 selected: => testsupdated: => 0
I'll leave the ticket open till the triage.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.12.2
resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.12.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3485
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.