#142 [RFE] Default password syntax settings don't work with fine-grained policies
Closed: wontfix None Opened 9 years ago by mkosek.


When using a global password policy for syntax checking, there are some default
settings that will be used (such as a minimum length of 8) if the config
attributes don't exist in cn=config.  This doesn't seem to work with the
fine-grained policies.

Here are some steps to reproduce the problem:

 1. - Enable global syntax checking, setting the minLength to 6.
 2. - Enable fine-grained password policies.
 3. - Create a subtree-level policy on "ou=People", enabling syntax checking
      with the default values (minLength will be displayed as 8 in Console).
 4. - Attempt to change a password of a user outside of "ou=People" with a
      password of 5 characters long.  This should be rejected with an err=19.
 5. - Try step 4 again, but with a password length of 6 characters.  This
      should work.
 6. - Try step 4 again, but with a user inside of "ou=People".  This should
      fail with an err=19, but it will succeed!

To work around the problem, you can add the password syntax attributes to the
fine-grained policy entry explicitly.  This can be done via the Console UI by
setting each of the syntax settings to a non-default value, saving it, then
setting them to what you want (even if you want the defaults) and saving again.

batch update moving tickets to future

set default ticket origin to Community

Added initial screened field value.

Built and tested, looks good to me.

Reviewed by William (Thank you!!)

Pushed to master:
f132cf4..f5b9053 master -> master
commit af1fc5e
commit 1c3fa84

Replying to [comment:10 spichugi]:

Looks good, ack

To ssh://git.fedorahosted.org/git/389/ds.git

Pushed to master:
a2d97e0..73d74f5 master -> master
commit 73d74f5
Author: Simon Pichugin spichugi@redhat.com
Date: Wed Aug 31 17:02:40 2016 +0200

Metadata Update from @spichugi:
- Issue assigned to nhosoi
- Issue set to the milestone:

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/142

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

a year ago

Login to comment on this ticket.