RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1009829 - Document that server side password policies always takes precedence
Summary: Document that server side password policies always takes precedence
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 1009922 1061410 1087699 1088106
TreeView+ depends on / blocked
 
Reported: 2013-09-19 09:06 UTC by Kaushik Banerjee
Modified: 2020-05-02 17:29 UTC (History)
6 users (show)

Fixed In Version: sssd-1.11.5.1-1.el6
Doc Type: Bug Fix
Doc Text:
Do not document
Clone Of:
: 1009922 1087699 1088106 (view as bug list)
Environment:
Last Closed: 2014-10-14 04:46:45 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3133 0 None None None 2020-05-02 17:29:09 UTC
Red Hat Product Errata RHBA-2014:1375 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-14 01:06:25 UTC

Description Kaushik Banerjee 2013-09-19 09:06:59 UTC
Description of problem:
Server side password policies always takes precedence over the policy enabled from client side.

e.g. On setting "ldap_pwd_policy=shadow", the policies defined with
shadow ldap attributes for a user has no effect if password policy
is enabled on the server(openldap).

Version-Release number of selected component (if applicable):
1.9.2-127

How reproducible:
Always

Comment 2 Jakub Hrozek 2013-09-19 10:54:59 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2091

Comment 3 Jakub Hrozek 2013-09-24 13:11:43 UTC
Fixed upstream:

    master: 56ed2be9a95cb5713ef72c4933e362a36dc7a607
    sssd-1-11: 539fdcebb352722b88a2700f994b1f8b7305b95a

Comment 4 Jakub Hrozek 2013-09-25 23:03:09 UTC
Fixed upstream -> POST

Comment 7 Kaushik Banerjee 2014-07-07 05:45:02 UTC
Verified with sssd-1.11.6-1.el6

man sssd-ldap has the following note:

 Note: if a password policy is configured on server side, it always takes precedence over policy set with this option.

Comment 8 errata-xmlrpc 2014-10-14 04:46:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html


Note You need to log in before you can comment on or make changes to this bug.