#4148 Expecting appropriate error message when new password length is less than 8 characters when ldap_pwmodify_mode = ldap_modify in sssd.conf
Closed: Fixed 9 months ago by pbrezina. Opened 11 months ago by pbrezina.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1795960

Description of problem:
Expecting appropriate error message when new password length is less than 8
characters when ldap_pwmodify_mode = ldap_modify in sssd.conf

Version-Release number of selected component (if applicable):
sssd-1.16.4-37.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup sssd client with the rhds server and enable passwordCheckSyntax on
server
[root@ci-vm-10-0-153-118 ~]#  ldapsearch -xLLL -p 389 -h localhost -D
"cn=Directory Manager" -w Secret123 -b "cn=config"  | grep passwordCheckSyntax
passwordCheckSyntax: on

2. Add ldap_pwmodify_mode = ldap_modify in sssd.conf
[root@ci-vm-10-0-153-121 ~]# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains = example1

[domain/example1]
ldap_search_base = dc=example,dc=test
id_provider = ldap
auth_provider = ldap
ldap_user_home_directory = /home/%u
ldap_uri = ldaps://server.example.com
use_fully_qualified_names = True
debug_level = 9
ldap_pwmodify_mode = ldap_modify

3. Try to change password of a user

Actual results:
[foo9@example1@ipaqavmh /]$ passwd
Changing password for user foo9@example1.
Current Password:
New password: <password like red_12>
Retype new password: <password like red_12>
passwd: all authentication tokens updated successfully.

Here I provided a new password having a length less than 8 characters
but still, it's giving a message of successful password change.


from log,
(Wed Jan 29 05:14:55 2020) [sssd[be[example1]]] [sdap_process_result] (0x2000):
Trace: sh[0x5587f4bdd960], connected[1], ops[0x5587f4bfbb90],
ldap[0x5587f4bfdb80]
(Wed Jan 29 05:14:55 2020) [sssd[be[example1]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_MODIFY]
(Wed Jan 29 05:14:55 2020) [sssd[be[example1]]] [sdap_modify_done] (0x1000):
ldap_modify result: Constraint violation(19), invalid password syntax -
password must be at least 8 characters long
(Wed Jan 29 05:14:55 2020) [sssd[be[example1]]] [sdap_op_destructor] (0x2000):
Operation 3 finished
(Wed Jan 29 05:14:55 2020) [sssd[be[example1]]] [sdap_modify_passwd_done]
(0x0400): Password change for [uid=foo9,ou=People,dc=example,dc=test] was
successful



Expected results:
Must give a proper error message when new password length is less than 8
characters.

Additional info:

Metadata Update from @pbrezina:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1795960

11 months ago

Metadata Update from @pbrezina:
- Issue assigned to pbrezina

11 months ago

Metadata Update from @pbrezina:
- Issue tagged with: PR

11 months ago
  • master
    • e4c6ebf - sdap: provide error message when password change fail in ldap_modify mode
  • sssd-1-16
    • ddf0a59 - sdap: provide error message when password change fail in ldap_modify mode

Metadata Update from @pbrezina:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

9 months ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5106

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata