#48967 passwordMinAge attribute doesn't limit the minimum age of the password
Closed: Fixed None Opened 2 years ago by spichugi.

Description of problem:
If we set passwordMinAge to the some appropriate value other then '0', it should not allow a user to change the password within this value of seconds passed from the previous change.
Now it allows at all levels (cn=config or subtree/user password policy).

Version-Release number of selected component:

How reproducible:

Steps to Reproduce:
1. Install Directory Server instance
2. Add a user to 'ou=people,dc=example,dc=com'
3. Set up password policy for the user and the subtree
4. Set passwordMinAge on the user pwdPolicy entry to '30'
5. Set passwordMinAge on the subtree pwdPolicy entry to '30'
6. Set passwordMinAge on the cn=config entry to '30'
7. Try to change userPassword binding as the user two times in a row

Actual results:
It allows to change the password

Expected results:
The user should not be allowed to change the password right after previous change

Additional info:
It is a regression, because TET CI test runs show no issue on the 389-ds-base- build

Note: a regression just in the master branch.

Noriko, I've tested your patch with my test case and it has passed. Ack from me too.

Please, review my patch too. :)

Simon, thank you soooo much for finding it out. It was an embarrassing bug... :(

Your test suite covers the pwdpolicy features perfect. Thanks!!

0001-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch​ was reviewed by William and Simon.
Thank you, both of you!

Pushed to master:
3a08be3..790e723 master -> master
commit 790e723

Thank you too, Noriko!

To ssh://git.fedorahosted.org/git/389/ds.git

Pushed to master:
790e723..6abd5f4 master -> master
commit 6abd5f4
Author: Simon Pichugin spichugi@redhat.com
Date: Wed Aug 24 10:08:29 2016 +0200

I think I just forgot to close this ticket...

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone:

2 years ago

Login to comment on this ticket.