Bug 1950335

Summary: upgrade password hash on bind also causes passwordExpirationtime to be updated
Product: Red Hat Enterprise Linux 8 Reporter: thierry bordaz <tbordaz>
Component: 389-ds-baseAssignee: Jamie Chapman <jachapma>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.4CC: gkimetto, ldap-maint, mreynolds, sgouvern
Target Milestone: betaKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-1.4-8060020211021200750.ce3e8c9c Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 13:43:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description thierry bordaz 2021-04-16 12:47:22 UTC 
Description of problem:

There is an unintended side effect of the "upgrade password on bind" feature. It causes the password policy code to be engaged and it resets the passwordExpirationtime in the entry. There could be other unintended password policy side effects as well. We should look into a way to skip password policy updates when the hash is reset by this plugin.

Version-Release number of selected component (if applicable):
This depends on #49421 that was implement 1.4.1

How reproducible:
Create an entry with a userpassword hashed with non default hash. When binding with this entry, hash should be upgraded


Steps to Reproduce:
1.
2.
3.

Actual results:
passwordExpirationtime is reset

Expected results:
passwordExpirationtime should not be reset
Comment 5 errata-xmlrpc 2022-05-10 13:43:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1815