A similar issue was fixed by sumit in #982
Try to change the password of a user in an OpenLDAP server with ppolicy set ("pwdInHistory: 6"), and use a password used within the last 6 times:
# ssh -l ppuser1 localhost
ppuser1@localhost's password:
Your password has expired. You have 3 grace login(s) remaining.
Last login: Tue Aug 30 15:33:40 2011 from localhost
Could not chdir to home directory /home/ppuser1: No such file or directory
id: cannot find name for group ID 564675
-sh-4.1$ passwd
Changing password for user ppuser1.
Current Password:
New password:
Retype new password:
passwd: Authentication token manipulation error
-sh-4.1$
log shows error message: [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
/var/log/sssd/sssd_LDAP.log snipped:
<snip>
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (9): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (7): Password Policy Response: expire [-1] grace [1] error [No error].
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (4): Password expired. [1] grace logins remaining.
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null)
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [auth_bind_user_done] (9): Found ppolicy data, assuming LDAP password policies are active.
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_auth4chpass_done] (7): user [uid=ppuser1,dc=example,dc=com] successfully authenticated.
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_control_create] (3): Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1].
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (4): Executing extended operation
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (8): ldap_extended_operation sent, msgid = 3
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xccb740], connected[1], ops[0xd74510], ldap[0xd85030]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xccb740], connected[1], ops[0xd74510], ldap[0xd85030]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (5): Server returned no controls.
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (3): ldap_extended_operation result: Constraint violation(19), Password is in history of old passwords
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Sending result [4][LDAP]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Sent result [4][LDAP]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace: sh[0xccb740], connected[1], ops[(nil)], ldap[0xd85030], destructor_lock[0], release_memory[0]
(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9): Successfully removed connection callback.
</snip>
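An added triage example (not SSSD code and not part of the original ticket): it scans SSSD backend debug entries, one per line, and pairs each failed password-modify extended operation with the backend reply that follows, flagging cases like the one above where a server-side policy rejection reaches PAM as a system error. The function name and the reading of the second number in "Backend returned" as the PAM status are assumptions, the latter based on the "Sending result [4]" entry.

```python
import re

# Layout of one SSSD backend debug entry, as seen in the excerpt above.
ENTRY = re.compile(r"\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
                   r"\[(?P<fn>\w+)\] \(\d+\): (?P<msg>.*)")
EXOP = re.compile(r"ldap_extended_operation result: .+?\((?P<rc>\d+)\), (?P<diag>.*)")
BACKEND = re.compile(r"Backend returned: \(\d+, (?P<pam>\d+), ")

LDAP_CONSTRAINT_VIOLATION = 19  # RFC 4511 constraintViolation
PAM_SYSTEM_ERR = 4              # Linux-PAM value; assumed to be the 2nd number logged

def find_masked_rejections(lines):
    """Pair each failed password-modify exop with the backend's next PAM reply."""
    findings, pending = [], {}
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        dom, msg = m["dom"], m["msg"]
        if m["fn"] == "sdap_exop_modify_passwd_done":
            r = EXOP.search(msg)
            if r and int(r["rc"]) != 0:
                pending[dom] = (m["ts"], int(r["rc"]), r["diag"])
        elif m["fn"] == "be_pam_handler_callback" and dom in pending:
            b = BACKEND.search(msg)
            if b:
                ts, rc, diag = pending.pop(dom)
                pam = int(b["pam"])
                findings.append({
                    "time": ts, "domain": dom, "ldap_rc": rc,
                    "ldap_diag": diag, "pam_status": pam,
                    # Server-side policy rejection reported to PAM as a system error
                    "masked": rc == LDAP_CONSTRAINT_VIOLATION and pam == PAM_SYSTEM_ERR,
                })
    return findings

# Three entries copied from the log excerpt in this ticket.
SAMPLE = [
    "(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (3): "
    "ldap_extended_operation result: Constraint violation(19), "
    "Password is in history of old passwords",
    "(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): "
    "Backend returned: (3, 4, <NULL>) [Internal Error (System error)]",
    "(Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): "
    "Sending result [4][LDAP]",
]

if __name__ == "__main__":
    for f in find_masked_rejections(SAMPLE):
        print(f)
```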
Fields changed
component: SSSD => Kerberos Provider
milestone: NEEDS_TRIAGE => SSSD 1.5.14
owner: somebody => jhrozek
Fixed by:
- cd5b718 (master)
- 75b52c9 (sssd-1-6)
- 14765d3 (sssd-1-5)
patch: 0 => 1
resolution: => fixed
status: new => closed
https://bugzilla.redhat.com/show_bug.cgi?id=737157
rhbz: => 0
Metadata Update from @kaushikub:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.14
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2027
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.