Bug 1009829 - Document that server side password policies always takes precedence
Document that server side password policies always takes precedence
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
Depends On:
Blocks: 1009922 1061410 1087699 1088106
  Show dependency treegraph
Reported: 2013-09-19 05:06 EDT by Kaushik Banerjee
Modified: 2014-10-14 00:46 EDT (History)
6 users (show)

See Also:
Fixed In Version: sssd-
Doc Type: Bug Fix
Doc Text:
Do not document
Story Points: ---
Clone Of:
: 1009922 1087699 1088106 (view as bug list)
Last Closed: 2014-10-14 00:46:45 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1375 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-13 21:06:25 EDT

  None (edit)
Description Kaushik Banerjee 2013-09-19 05:06:59 EDT
Description of problem:
Server side password policies always takes precedence over the policy enabled from client side.

e.g. On setting "ldap_pwd_policy=shadow", the policies defined with
shadow ldap attributes for a user has no effect if password policy
is enabled on the server(openldap).

Version-Release number of selected component (if applicable):

How reproducible:
Comment 2 Jakub Hrozek 2013-09-19 06:54:59 EDT
Upstream ticket:
Comment 3 Jakub Hrozek 2013-09-24 09:11:43 EDT
Fixed upstream:

    master: 56ed2be9a95cb5713ef72c4933e362a36dc7a607
    sssd-1-11: 539fdcebb352722b88a2700f994b1f8b7305b95a
Comment 4 Jakub Hrozek 2013-09-25 19:03:09 EDT
Fixed upstream -> POST
Comment 7 Kaushik Banerjee 2014-07-07 01:45:02 EDT
Verified with sssd-1.11.6-1.el6

man sssd-ldap has the following note:

 Note: if a password policy is configured on server side, it always takes precedence over policy set with this option.
Comment 8 errata-xmlrpc 2014-10-14 00:46:45 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.