Bug 737157
| Summary: | "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled. | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kaushik Banerjee <kbanerje> | |
| Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 6.2 | CC: | benl, grajaiya, jgalipea, jzeleny, prc | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | sssd-1.5.1-51.el6 | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: There was no specific error code implemented for situation where user changed his password, but password policy constraints were violated.
Consequence: Very generic and thus not understandable error messages were printed when this error occurred.
Fix: A specific error code for LDAP password constraint violation has been implemented.
Result: Error messages are now clearly stating what happened
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 748869 (view as bug list) | Environment: | ||
| Last Closed: | 2011-12-06 16:39:59 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 743047, 748869 | |||
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 51.el6 Build Date: Mon 12 Sep 2011 06:55:14 PM IST Install Date: Tue 13 Sep 2011 08:02:21 PM IST Build Host: x86-001.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-51.el6.src.rpm Size : 3670464 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: There was no specific error code implemented for situation where user changed his password, but password policy constraints were violated.
Consequence: Very generic and thus not understandable error messages were printed when this error occurred.
Fix: A specific error code for LDAP password constraint violation has been implemented.
Result: Error messages are now clearly stating what happened
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html |
Description of problem: Error messages (3, 4, <NULL>) [Internal Error (System error)] are seen during change password operation of a user in openldap server with ppolicy enabled. Version-Release number of selected component (if applicable): sssd-1.5.1-49.el6.i686 How reproducible: Always Steps to Reproduce: 1. Try to change password of a user in openldap server with ppolicy set("pwdInHistory: 6" and use the password used within the last 6 times): 2. # ssh -l ppuser1 localhost ppuser1@localhost's password: Your password has expired. You have 3 grace login(s) remaining. Last login: Tue Aug 30 15:33:40 2011 from localhost Could not chdir to home directory /home/ppuser1: No such file or directory id: cannot find name for group ID 564675 -sh-4.1$ passwd Changing password for user ppuser1. Current Password: New password: Retype new password: passwd: Authentication token manipulation error -sh-4.1$ Actual results: Password change fails as expected, but logs show: <snip> (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (9): Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (7): Password Policy Response: expire [-1] grace [1] error [No error]. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (4): Password expired. [1] grace logins remaining. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null) (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [auth_bind_user_done] (9): Found ppolicy data, assuming LDAP password policies are active. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_auth4chpass_done] (7): user [uid=ppuser1,dc=example,dc=com] successfully authenticated. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_control_create] (3): Server does not support the requested control [1.3.6.1.4.1.42.2.27.8.5.1]. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (4): Executing extended operation (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_send] (8): ldap_extended_operation sent, msgid = 3 (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xccb740], connected[1], ops[0xd74510], ldap[0xd85030] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing! (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xccb740], connected[1], ops[0xd74510], ldap[0xd85030] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (5): Server returned no controls. (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_exop_modify_passwd_done] (3): ldap_extended_operation result: Constraint violation(19), Password is in history of old passwords (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Sending result [4][LDAP] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Sent result [4][LDAP] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace: sh[0xccb740], connected[1], ops[(nil)], ldap[0xd85030], destructor_lock[0], release_memory[0] (Wed Aug 31 07:55:42 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9): Successfully removed connection callback. </snip> Expected results: Improve error messages returning (3, 4, <NULL>) [Internal Error (System error)] Additional info: