Bug 1389350

Summary: WinSync users who have First.Last casing creates users who can have their password set
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.3CC: abokovoy, ipa-maint, jcholast, jreznik, mbabinsk, mmuehlfe, nsoman, pvoborni, rcritten, sumenon, tscherf
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-13.el7_3 Doc Type: Bug Fix
Doc Text:
Previously, due to a bug in the principal name normalization, the "ipa passwd" command failed to convert user names to lower case. As a consequence, users synchronized from Active Directory (AD) with a mixed case user name were unable to change their passwords. The user principal name normalization has been fixed and as a result, the "ipa passwd" command now works correctly.
 Story Points: ---
Clone Of: 1375133 Environment:
Last Closed: 2016-12-06 17:02:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1375133    
Bug Blocks:    

Description Jaroslav Reznik 2016-10-27 13:31:48 UTC 
This bug has been copied from bug #1375133 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 6 Martin Babinsky 2016-11-09 08:52:22 UTC 
Done.
Comment 7 Sudhir Menon 2016-11-10 09:45:57 UTC 
Verified on RHEL7.3u1 using 

ipa-server-4.4.0-14.el7_3.x86_64
ipa-server-trust-ad-4.4.0-14.el7_3.x86_64
sssd-1.14.0-43.el7_3.2.x86_64

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Modify password for winsync users with mix case,bz824490
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: https://bugzilla.redhat.com/show_bug.cgi?id=824490
:: [   PASS   ] :: Generate ldif file to add user First.Last (Expected 0, got 0)
:: [   PASS   ] :: Adding new user in AD First.Last (Expected 0, got 0)
:: [   PASS   ] :: Sleep 30 for sync interval (Expected 0, got 0)
:: [   PASS   ] :: First.Last sync to IPA (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.9IfYK8ttF2/tmpout.ipa_winsync_bz824490.out' should contain 'Password: True' 
:: [   PASS   ] :: Password sync for First.Last 
:: [   LOG    ] :: kinit as first.last with password Secret123 was successful.
:: [   PASS   ] :: Kinit as First.Last with first passwd (Expected 0, got 0)
:: [   PASS   ] :: Command 'sleep 10' (Expected 0, got 0)
:: [   PASS   ] :: Destroy any credentials (Expected 0, got 0)
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Kinit as admin user (Expected 0, got 0)
:: [   PASS   ] :: Reset First.Last passwd from IPA (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.9IfYK8ttF2/tmpout.ipa_winsync_bz824490.out' should contain 'Changed password for "first.last"' 
:: [   PASS   ] :: Password modify for mix case user. bz824490 not found 
:: [   PASS   ] :: Sleep Some time to sync password to AD (Expected 0, got 0)
:: [   LOG    ] :: kinit as first.last with new password Enc3y1pt39 was successful.
:: [   PASS   ] :: Password modify for mix case user. bz824490 not found 
:: [   PASS   ] :: Sleep Some time to sync password to AD (Expected 0, got 0)
:: [   PASS   ] :: Command 'ipa user-show First.Last > /tmp/tmp.9IfYK8ttF2/tmpout.ipa_winsync_bz824490.out 2>&1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.9IfYK8ttF2/tmpout.ipa_winsync_bz824490.out' should contain 'Password: True' 
:: [   LOG    ] :: kinit as first.last with password Enc3y1pt39 was successful.
:: [   PASS   ] :: Kinit as First.Last with final passwd (Expected 0, got 0)
:: [   PASS   ] :: Destroy any credentials (Expected 0, got 0)
:: [   PASS   ] :: Authentication successful for first.last, as expected 
:: [   PASS   ] :: Command 'ssh_auth_success first.last Enc3y1pt39 ibm-x3250m4-05.sync2k12r2.test' (Expected 0, got 0)
:: [   PASS   ] :: Password modify for mix case user. bz824490 not found 
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Kinit as admin user (Expected 0, got 0)
:: [   PASS   ] :: Deleting First.Last (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2m 21s
:: [   LOG    ] :: Assertions: 25 good, 0 bad
:: [   PASS   ] :: RESULT: Modify password for winsync users with mix case,bz824490
Comment 11 errata-xmlrpc 2016-12-06 17:02:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2863.html