Bug 689889

Summary: allow fine grained password policy duration attributes in days, hours, minutes, as well
Product: Red Hat Enterprise Linux 6 Reporter: Noriko Hosoi <nhosoi>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: amsharma, benl, dpal, jgalipea, rmeggins, syeghiay
Target Milestone: rcKeywords: screened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.8-0.7.rc2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 681015 Environment:
Last Closed: 2011-05-19 12:42:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 681015    
Bug Blocks: 639035, 656390, 681611    

Description Noriko Hosoi 2011-03-22 18:07:58 UTC 
+++ This bug was initially created as a clone of Bug #681015 +++

Description of problem:
This bug fix allows global password policy duration attributes in the format of ##D|d, ##H|h, ##M|m, ##S|s.
Bug 627993 - RFE: allow global password policy duration attributes in days, hours, minutes, as well

On the other hand, the fine grained has no ability to handle such format.  Actually, there is no methods to check the invalid input to the fine grained password policy duration attributes.

$ ldapmodify ...
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DPeople\2Cdc\3Dexample\2Cdc\3Dcom,cn=nsPwPol
 icyContainer,ou=People,dc=example,dc=com
changetype: modify
replace: passwordMaxAge
passwordMaxAge: abcdefg
$ echo $?
0
--- Additional comment from amsharma on 2011-03-21 10:13:20 EDT ---

passwordLockoutDuration attribute is not working with the fine grain password policy. So, I am moving the bug to ASSIGNED state.

Its not behaving as expected, if passwordLockoutDuration is set to "1m, 1M, 1d and 2h". This works fine when I set this value in seconds without prefixing it, like (60, 120 and 30).

--- Additional comment from nhosoi on 2011-03-21 19:49:17 EDT ---

Created attachment 486705 [details]
git patch file (master)

Thanks to Amita for finding out this bug..

Description: passwordLockoutDuration attribute is not working 
with the fine grain password policy.  The code to parse the  
value of passwordLockoutDuration was missing.  This patch 
adds it.

With this fix, your test case passes 100%.

--- Additional comment from nhosoi on 2011-03-22 14:04:59 EDT ---

Reviewed by Nathan (Thank you!!!)

Pushed to master.

$ git merge 681015
Updating 9d5d73c..6ada149
Fast-forward
 ldap/servers/slapd/pw.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

$ git push
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 736 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   9d5d73c..6ada149  master -> master


commit 6ada149c42dbcce727662927129ae55832def5a0
Author: Noriko Hosoi <nhosoi>
Date:   Mon Mar 21 16:44:16 2011 -0700

    Bug 681015 - RFE: allow fine grained password policy duration attributes ...


Cherry picked commit 6ada149c42dbcce727662927129ae55832def5a0 and pushed to 389-ds-base-1.2.8, as well.

$ git cherry-pick 6ada149c42dbcce727662927129ae55832def5a0
Finished one cherry-pick.
[ds128-local df7c57c] Bug 681015 - RFE: allow fine grained password policy duration attributes in days, hours, minutes, as well
 1 files changed, 1 insertions(+), 1 deletions(-)

$ git push origin ds128-local:389-ds-base-1.2.8
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 731 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   2ba240b..df7c57c  ds128-local -> 389-ds-base-1.2.8
Comment 2 Amita Sharma 2011-03-31 10:59:33 UTC 
I have verified this bug and automated the test cases, All test cases are passed.
Comment 3 errata-xmlrpc 2011-05-19 12:42:47 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0533.html