#48896 Default Setting for passwordMinTokenLength does not work
Closed: wontfix None Opened 4 years ago by nhosoi.

Description of problem:
Default Setting for passwordMinTokenLength does not work

How reproducible:
Always

Steps to Reproduce:
1.Modify the cn=config entry and set 'passwordCheckSyntax' to 'on'

2.Add a user entry as below
ldapadd -x -D 'cn=Directory Manager' -w secret123 -h localhost -p 389
dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: jsmith
cn: john smith
sn: smith
userPassword: secret123

3. Now bind to the server with that user and modify the userPassword attribute
ldapmodify -x -D 'uid=jsmith,ou=people,dc=example,dc=com' -w secret123 -h
localhost -p 389
dn: uid=jsmith,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: J1234smi

Actual results:
The password was accepted and stored, even though it contained 3 sequential
characters from 'sn' attribute of the entry

Expected results:
This modify operation should have been rejected with a
Constraint Violation

Additional info:
I performed the same steps by setting passwordMinLength and
passwordMinCategories to their minimum values but still the password was
accepted and stored

I also performed the same steps on RHEL6 and was able to reproduce the issue

Reviewed by Mark (Thanks!!)

Pushed to master:
3e7d6d6..19e75b9 master -> master
commit 054f3ce
commit 19e75b9

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.6.0

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1955

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

9 months ago

Login to comment on this ticket.

Metadata