#2443 Password expiration policies are not being enforced by SSSD
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1141814

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Password expiration policies are not being enforced by SSSD when there are
multiple password related controls.

Version-Release number of selected component (if applicable):
sssd-1.11.6-12

How reproducible:
Always in customer environment.

Actual results:
User is not forced to change the password.

Expected results:
User should be forced to change the password.

Additional info:

SSSD Debug logs

(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password Policy Response: expire [0] grace [-1] error [Password must be changed].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password was reset. User must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.4].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password expired user must set a new password.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server returned control [2.16.840.1.113730.3.4.5].
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x1000): Password will expire in [0] seconds.
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set
(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000): Found ppolicy data, assuming LDAP password policies are active.
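
For triaging similar reports, the following Python script (an added example, not code from this ticket or from SSSD) groups `simple_bind_done` debug lines into one record per bind and flags binds like the one logged above. It assumes one log entry per line; the names `summarize_binds` and `needs_review` and the review rule itself are hypothetical choices made for this example.

```python
import re

# Control OIDs as they appear in the ticket's debug log.
CONTROLS = {
    "1.3.6.1.4.1.42.2.27.8.5.1": "ppolicy response",
    "2.16.840.1.113730.3.4.4": "password expired",
    "2.16.840.1.113730.3.4.5": "password expiring",
}
LINE = re.compile(r"^\([^)]+\) \[sssd\[be\[([^\]]+)\]\]\] \[(\w+)\] \(0x[0-9a-f]+\): (.*)$")
CTRL = re.compile(r"Server returned control \[([0-9.]+)\]")

def summarize_binds(lines):
    """Return one record per bind; a "Bind result:" line closes the record."""
    binds, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "simple_bind_done":
            continue
        msg = m.group(3)
        if cur is None:
            cur = {"domain": m.group(1), "controls": [],
                   "must_change": False, "result": None}
        c = CTRL.search(msg)
        if c:
            # Unknown OIDs are kept verbatim so nothing is silently dropped.
            cur["controls"].append(CONTROLS.get(c.group(1), c.group(1)))
        if "must set a new password" in msg:
            cur["must_change"] = True
        if msg.startswith("Bind result:"):
            cur["result"] = msg.split(":", 1)[1].split(",")[0].strip()
            binds.append(cur)
            cur = None
    return binds

def needs_review(bind):
    """Successful bind, a change demanded, and more than one password control."""
    return (bind["must_change"] and bind["result"] == "Success(0)"
            and len(bind["controls"]) > 1)

# Lines taken from the ticket's log with the hard wraps joined; P is the shared prefix.
P = "(Fri Sep 12 10:04:16 2014) [sssd[be[LDAP]]] [simple_bind_done] "
SAMPLE = [
    P + "(0x2000): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1].",
    P + "(0x1000): Password was reset. User must set a new password.",
    P + "(0x2000): Server returned control [2.16.840.1.113730.3.4.4].",
    P + "(0x1000): Password expired user must set a new password.",
    P + "(0x2000): Server returned control [2.16.840.1.113730.3.4.5].",
    P + "(0x1000): Password will expire in [0] seconds.",
    P + "(0x0400): Bind result: Success(0), no errmsg set",
]
```

A flagged bind is only a candidate: whether the user was actually prompted to change the password has to be confirmed from the rest of the authentication log.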

The patch was acked on the devel list.

owner: somebody => jhrozek
patch: 0 => 1
review: True => 0

I'll leave the ticket open till the triage.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.2

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.2

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/3485

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
