Bug 1084304
Summary: | [RFE] Support IdM user password change operation in the compat tree | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | slapi-nis | Assignee: | Alexander Bokovoy <abokovoy> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 7.0 | CC: | dpal, enewland, ksiddiqu, nalin, sumenon |
Target Milestone: | rc | Keywords: | FutureFeature, Reopened |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | slapi-nis-0.56.0-3.el7 | Doc Type: | Enhancement |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-11-04 07:04:18 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1084018 | | |
Description
Martin Kosek
2014-04-04 06:40:48 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

This bug is fixed in slapi-nis 0.56.0. The rebase to slapi-nis 0.56.0 is tracked with bug #1292148.

Alexander, while you are right that this will be delivered with the rebase, it is an RFE that needs to go through the full Bug life-cycle, including a QE verification. Moving to MODIFIED.

Tested on RHEL7.3 using
ipa-server-4.4.0-7.el7.x86_64
sssd-1.14.0-18.el7.x86_64

1. Without password set for ipa user

```
[root@ipaserver abrt]# ldappasswd -D uid=john,cn=users,cn=compat,dc=redlabs,dc=qe -W
Enter LDAP Password:
ldap_bind: Inappropriate authentication (48)
```

2. With password set and user disabled in IPA

```
[root@ipaserver abrt]# ipa passwd john
New Password:
Enter New Password again to verify:
--------------------------------------
Changed password for "john"
[root@ipaserver abrt]# ipa user-disable john
----------------------------
Disabled user account "john"
----------------------------
[root@ipaserver abrt]# ldappasswd -D uid=john,cn=users,cn=compat,dc=redlabs,dc=qe -W
Enter LDAP Password:
ldap_bind: Server is unwilling to perform (53)
	additional info: Account inactivated. Contact system administrator.
```

3. Change admin password for IPA

```
[root@ipaserver abrt]# ldappasswd -D uid=admin,cn=users,cn=compat,dc=redlabs,dc=qe -W -s **** -a ****
Enter LDAP Password:
Result: Success (0)
```

3.a Trying to change password immediately for admin user

```
[root@ipaserver abrt]# ldappasswd -D uid=admin,cn=users,cn=compat,dc=redlabs,dc=qe -W -a Secret123 -s Direct123 -vvv
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
Result: Constraint violation (19)
Additional info: Too soon to change password
control: 1.3.6.1.4.1.42.2.27.8.5.1 false MIQAAAADgQEH
ppolicy: error=7 (Password has been changed too recently)
```

4. Invalid ipa user

```
[root@ipaserver abrt]# ldappasswd -D uid=joe,cn=users,cn=compat,dc=redlabs,dc=qe -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
```

5. Valid ipa user

```
[root@ipaserver abrt]# ldappasswd -D uid=john,cn=users,cn=compat,dc=redlabs,dc=qe -W -a test_123 -s test_123 -vv
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
Result: Success (0)
```

5.a Change password immediately for ipa user.

```
[root@ipaserver abrt]# ldappasswd -D uid=john,cn=users,cn=compat,dc=redlabs,dc=qe -W -a test_123 -s test_123 -vvv
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
Result: Constraint violation (19)
Additional info: Too soon to change password
control: 1.3.6.1.4.1.42.2.27.8.5.1 false MIQAAAADgQEH
ppolicy: error=7 (Password has been changed too recently)
```

6. With AD trusted user.

```
[root@ipaserver abrt]# ldapsearch -x -LLL '(&(objectclass=posixaccount)(uid=sudhir))'
dn: uid=sudhir,cn=users,cn=compat,dc=redlabs,dc=qe
objectClass: ipaOverrideTarget
objectClass: posixAccount
objectClass: top
cn: sudhir
gidNumber: 558001482
gecos: sudhir
ipaAnchorUUID:: OlNJRDpTLTEtNS0yMS0zOTEyNzE5NTIxLTE5Njc1OTAzNjAtMTEzNjIyNjUyNC
 0xNDgy
uidNumber: 558001482
homeDirectory: /home/pne.qe/sudhir
uid: sudhir

[root@ipaserver abrt]# ldappasswd -D uid=sudhir,cn=users,cn=compat,dc=redlabs,dc=qe -W
Enter LDAP Password:
Result: Server is unwilling to perform (53)
Additional info: PasswdModify Request empty.
```

Note: ldappasswd changes for AD users are not supported.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2471.html
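The `control:` line in steps 3.a and 5.a carries the base64-encoded password policy response control that the server returns with the rejection. The following decoder is an added example, not part of the bug report or of slapi-nis; it assumes the value follows the `PasswordPolicyResponseValue` layout from draft-behera-ldap-password-policy, and the function names are illustrative.

```python
import base64

# Error codes for the [1] ENUMERATED field of PasswordPolicyResponseValue
# (control OID 1.3.6.1.4.1.42.2.27.8.5.1, as shown on the "control:" line).
PPOLICY_ERRORS = {
    0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset",
    3: "passwordModNotAllowed", 4: "mustSupplyOldPassword",
    5: "insufficientPasswordQuality", 6: "passwordTooShort",
    7: "passwordTooYoung", 8: "passwordInHistory",
}

def _read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length: low bits = byte count
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                 # short-form length
        length = first
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_ppolicy_response(b64_value):
    """Decode a base64 PasswordPolicyResponseValue into a dict."""
    tag, body, _ = _read_tlv(base64.b64decode(b64_value), 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    result = {"warning": None, "error": None}
    pos = 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0xA0:                   # warning [0] CHOICE (constructed)
            wtag, wval, _ = _read_tlv(value, 0)
            kind = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}.get(wtag)
            result["warning"] = (kind, int.from_bytes(wval, "big"))
        elif tag == 0x81:                 # error [1] ENUMERATED (primitive)
            code = int.from_bytes(value, "big")
            result["error"] = (code, PPOLICY_ERRORS.get(code, "unknown"))
    return result

if __name__ == "__main__":
    print(decode_ppolicy_response("MIQAAAADgQEH"))  # value from steps 3.a and 5.a
```

The decoded error code matches the `ppolicy: error=7` line that ldappasswd prints, so a client or log pipeline can key on the control value instead of the free-text "Additional info" string.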