#48896 Default Setting for passwordMinTokenLength does not work
Closed: Fixed. Opened 2 years ago by nhosoi.

Description of problem:
Default Setting for passwordMinTokenLength does not work

How reproducible:
Always

Steps to Reproduce:
1. Modify the cn=config entry and set 'passwordCheckSyntax' to 'on'

2. Add a user entry as below
ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389
dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: jsmith
cn: john smith
sn: smith
userPassword: secret123

3. Now bind to the server with that user and modify the userPassword attribute
ldapmodify -x -D 'uid=jsmith,ou=people,dc=example,dc=com' -w secret123 -h localhost -p 389
dn: uid=jsmith,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: J1234smi

Actual results:
The password was accepted and stored, even though it contained 3 sequential
characters from the 'sn' attribute of the entry.

Expected results:
This modify operation should have been rejected with a Constraint Violation.

Additional info:
I performed the same steps by setting passwordMinLength and
passwordMinCategories to their minimum values, but still the password was
accepted and stored.

I also performed the same steps on RHEL6 and was able to reproduce the issue
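
A small model of the check the report expects, added here for illustration; it is not 389 Directory Server code. The attribute list, whitespace splitting and case-insensitive matching are assumptions, and the default of 3 follows the report's "3 sequential characters".

```python
# Illustrative model only; not 389 Directory Server code.
# Assumptions: case-insensitive matching, values split on whitespace,
# and the attribute list below.

CHECKED_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")  # assumed list
DEFAULT_MIN_TOKEN_LENGTH = 3  # default the report expects to be enforced


def fragments(value, length):
    """Yield every run of `length` consecutive characters in each word of value."""
    for word in value.lower().split():
        # Words shorter than `length` produce no fragments and are skipped.
        for i in range(len(word) - length + 1):
            yield word[i:i + length]


def token_violations(password, entry, min_token_length=None):
    """Return sorted (attribute, fragment) pairs found inside the password."""
    if min_token_length is None:
        # Expected behaviour: a policy that does not set the value still
        # checks with the default instead of skipping the check.
        min_token_length = DEFAULT_MIN_TOKEN_LENGTH
    if min_token_length < 1:
        raise ValueError("min_token_length must be positive")
    pw = password.lower()
    hits = set()
    for attr in CHECKED_ATTRS:
        for value in entry.get(attr, []):
            for frag in fragments(value, min_token_length):
                if frag in pw:
                    hits.add((attr, frag))
    return sorted(hits)


# Constructed sample: the entry from the steps to reproduce.
JSMITH = {"uid": ["jsmith"], "cn": ["john smith"], "sn": ["smith"]}

if __name__ == "__main__":
    # First password is the one from the report; second is a constructed control.
    for candidate in ("J1234smi", "Xk9!pQ2z"):
        hits = token_violations(candidate, JSMITH)
        verdict = "Constraint Violation" if hits else "accepted"
        print(f"{candidate}: {verdict} {hits}")
```
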

Reviewed by Mark (Thanks!!)

Pushed to master:
3e7d6d6..19e75b9 master -> master
commit 054f3ce
commit 19e75b9

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.6.0

2 years ago
