Bug 2166332
| Summary: | [RFE] Fine-grained configuration to password updates by admin users. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Daniel Filho <dcamilof> |
| Component: | 389-ds-base | Assignee: | mreynolds |
| Status: | CLOSED ERRATA | QA Contact: | LDAP QA Team <idm-ds-qe-bugs> |
| Severity: | medium | Docs Contact: | Mugdha Soni <musoni> |
| Priority: | high | ||
| Version: | 8.6 | CC: | bsmejkal, dchen, emartyny, idm-ds-dev-bugs, mreynolds, musoni, spichugi, tbordaz, vashirov |
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
| Target Release: | 8.9 | Flags: | pm-rhel:
mirror+
|
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | 389-ds-base-1.4.3.36-2.module+el8.9.0+19332+3ffa8e10 | Doc Type: | Enhancement |
| Doc Text: |
.New `passwordAdminSkipInfoUpdate: on/off` configuration option is now available
You can add a new `passwordAdminSkipInfoUpdate: on/off` setting under the `cn=config` entry to provide a fine grained control over password updates performed by password administrators. When you enable this setting, password updates do not update certain attributes, for example, `passwordHistory`,`passwordExpirationTime`,`passwordRetryCount`, `pwdReset`, and `passwordExpWarned`.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-14 15:32:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Daniel Filho
2023-02-01 13:59:07 UTC
Upstream ticket: https://github.com/389ds/389-ds-base/issues/5770 Adding a new setting "passwordAdminSkipInfoUpdate: on/off" under cn=config If set to "off" only the password is changed, and NONE of the password state attributes in the user entry are updated: passwordInHistory, passwordExpirationTime, etc. Fixed upstream ============================================================================================================ test session starts =============================================================================================================
platform linux -- Python 3.6.8, pytest-7.0.1, pluggy-1.0.0 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-502.el8.x86_64-x86_64-with-redhat-8.9-Ootpa', 'Packages': {'pytest': '7.0.1', 'py': '1.11.0', 'pluggy': '1.0.0'}, 'Plugins': {'libfaketime': '0.1.2', 'flaky': '3.7.0', 'metadata': '1.11.0', 'html': '3.2.0'}}
389-ds-base: 1.4.3.36-2.module+el8.9.0+19332+3ffa8e10
nss: 3.79.0-11.el8_7
nspr: 4.35.0-1.el8_8
openldap: 2.4.46-18.el8
cyrus-sasl: 2.1.27-6.el8_5
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini
plugins: libfaketime-0.1.2, flaky-3.7.0, metadata-1.11.0, html-3.2.0
collected 1 item
dirsrvtests/tests/suites/password/pwdAdmin_test.py::test_pwd_admin_config_test_skip_updates PASSED [100%]
============================================================================================================= 1 passed in 45.91s =============================================================================================================
As per comment #c11 marking as VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6965 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |