Bug 1795960
| Summary: | Expecting appropriate error message when new password length is less than 8 characters when ldap_pwmodify_mode = ldap_modify in sssd.conf | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Madhuri <mupadhye> |
| Component: | sssd | Assignee: | Pavel Březina <pbrezina> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.8 | CC: | atikhono, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sgoveas, thalman, tscherf |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | sssd-1.16.5-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-29 19:49:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Madhuri
2020-01-29 10:30:08 UTC
Upstream ticket: https://pagure.io/SSSD/sssd/issue/4148 Upstream PR: https://github.com/SSSD/sssd/pull/979 * `master`
* e4c6ebf6754dca194487f02b616018a860e5dbdf - sdap: provide error message when password change fail in ldap_modify mode
* `sssd-1-16`
* ddf0a59a610570111fadc391f104c29442e01ac8 - sdap: provide error message when password change fail in ldap_modify mode
Verified with # rpm -qa sssd sssd-1.16.5-1.el7.x86_64 Verification steps: 1. Setup sssd client with the rhds server and enable passwordCheckSyntax on server [cloud-user@ci-vm-10-0-105-136 ~]$ ldapsearch -xLLL -p 389 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep passwordCheckSyntax passwordCheckSyntax: on 2. Add ldap_pwmodify_mode = ldap_modify in sssd.conf [root@ci-vm-10-0-106-198 ~]# cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 services = nss, pam domains = example1 [domain/example1] ldap_search_base = dc=example,dc=test id_provider = ldap auth_provider = ldap ldap_user_home_directory = /home/%u ldap_uri = ldaps://server.example.com use_fully_qualified_names = True debug_level = 9 ldap_pwmodify_mode = ldap_modify 3. Try to change the password [root@ci-vm-10-0-106-198 ~]# ssh -l foo1@example1 localhost The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:p+UwDzsRiHCvSK51IahuzSUu2nf4ZHcVSqzcE0/zGiI. ECDSA key fingerprint is MD5:05:d1:aa:6a:0f:9b:38:0c:26:b7:c8:b7:73:5b:44:1a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. foo1@example1@localhost's password: Could not chdir to home directory : No such file or directory -bash-4.2$ passwd Changing password for user foo1@example1. Current Password: New password: Retype new password: Password change failed. Server message: invalid password syntax - password must be at least 8 characters long passwd: Authentication token is no longer valid; new one required -bash-4.2$ exit logout Connection to localhost closed. From log, (Thu May 21 07:17:47 2020) [sssd[be[example1]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_MODIFY] (Thu May 21 07:17:47 2020) [sssd[be[example1]]] [sdap_modify_done] (0x1000): ldap_modify result: Constraint violation(19), invalid password syntax - password must be at least 8 characters long (Thu May 21 07:17:47 2020) [sssd[be[example1]]] [sdap_op_destructor] (0x2000): Operation 3 finished (Thu May 21 07:17:47 2020) [sssd[be[example1]]] [sdap_modify_passwd_done] (0x0020): Password change for [uid=foo1,ou=People,dc=example,dc=test] failed [1432158227]: Password Change Denied (Thu May 21 07:17:47 2020) [sssd[be[example1]]] [sdap_handle_release] (0x2000): Trace: sh[0x55ba5b42b890], connected[1], ops[(nil)], ldap[0x55ba5b571820], destructor_lock[0], release_memory[0] From above steps marking this bug as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3904 |