#2443 Password expiration policies are not being enforced by SSSD
Closed: Fixed None Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1141814

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Password expiration policies are not being enforced by SSSD when there are
multiple password related controls.

Version-Release number of selected component (if applicable):
sssd-1.11.6-12

How reproducible:
Always in customer environment.

Actual results:
User is not forced to change the password.

Expected results:
User should be forced to change the password.

Additional info:

SSSD Debug logs

(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [0] grace [-1] error [Password must be changed].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password was reset. User must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.4].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password expired user must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [0] seconds.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active.
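
Added example, not part of the original ticket or of SSSD: a log audit that groups `simple_bind_done` entries per bind and flags successful binds where the server returned more than one password-related control and at least one message said the password must be changed, which is the condition this ticket describes. The names `entries`, `audit_binds`, `suspect` and the sample input are assumptions made for illustration; a flagged bind is a candidate to check, not proof that enforcement was skipped. Hard-wrapped continuation lines, which pasted logs often contain, are rejoined before matching.

```python
import re

# Password-related control OIDs, as they appear in the ticket's debug log.
PW_CONTROLS = {"1.3.6.1.4.1.42.2.27.8.5.1",  # Password Policy Response
               "2.16.840.1.113730.3.4.4",     # password expired
               "2.16.840.1.113730.3.4.5"}     # password will expire
START = re.compile(r"^\((?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4})\) \[sssd\[be\[[^\]]+\]\]\] "
                   r"\[(?P<fn>\w+)\] \(0x[0-9a-f]+\): ?(?P<msg>.*)$")
MUST_CHANGE = re.compile(r"must be changed|must set a new password", re.I)

P = "(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] "
SAMPLE = (  # constructed input modelled on the ticket's log, hard line wraps included
    P + "(0x2000): Server\nreturned control [1.3.6.1.4.1.42.2.27.8.5.1].\n" +
    P + "(0x1000):\nPassword Policy Response: expire [0] grace [-1] error [Password must be\nchanged].\n" +
    P + "(0x2000): Server\nreturned control [2.16.840.1.113730.3.4.4].\n" +
    P + "(0x1000):\nPassword expired user must set a new password.\n" +
    P + "(0x0400): Bind\nresult: Success(0), no errmsg set\n" +
    P + "(0x0400): Bind result: Success(0), no errmsg set\n")  # second bind, no controls

def entries(text):
    """Yield (timestamp, function, message) per entry, rejoining wrapped lines."""
    cur = None
    for line in text.splitlines():
        m = START.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = [m["ts"], m["fn"], m["msg"]]
        elif cur and line.strip():  # continuation of the previous entry
            cur[2] = (cur[2] + " " + line.strip()).strip()
    if cur:
        yield tuple(cur)

def audit_binds(text):
    """Return one record per simple bind; 'suspect' marks the ticket's condition."""
    binds, ctrls, must = [], set(), False
    for ts, fn, msg in entries(text):
        if fn != "simple_bind_done":
            continue
        c = re.search(r"Server returned control \[([\d.]+)\]", msg)
        if c and c[1] in PW_CONTROLS:
            ctrls.add(c[1])
        must = must or bool(MUST_CHANGE.search(msg))
        r = re.match(r"Bind result: ([^(]+)\((-?\d+)\)", msg)
        if r:  # a bind result closes the current bind's group of entries
            binds.append({"ts": ts, "controls": sorted(ctrls), "must_change": must,
                          "suspect": must and r[1] == "Success" and len(ctrls) > 1})
            ctrls, must = set(), False
    return binds
```
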

The patch was acked on the devel list.

design_review: => 0
owner: somebody => jhrozek
patch: 0 => 1
review: True => 0
testsupdated: => 0

I'll leave the ticket open till the triage.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.2

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.2

2 years ago
