Bug 1009829 - Document that server side password policies always takes precedence
Summary: Document that server side password policies always takes precedence
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Depends On:
Blocks: 1009922 1061410 1087699 1088106
TreeView+ depends on / blocked
Reported: 2013-09-19 09:06 UTC by Kaushik Banerjee
Modified: 2020-05-02 17:29 UTC (History)
6 users (show)

Fixed In Version: sssd-
Doc Type: Bug Fix
Doc Text:
Do not document
Clone Of:
: 1009922 1087699 1088106 (view as bug list)
Last Closed: 2014-10-14 04:46:45 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3133 None None None 2020-05-02 17:29:09 UTC
Red Hat Product Errata RHBA-2014:1375 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-14 01:06:25 UTC

Description Kaushik Banerjee 2013-09-19 09:06:59 UTC
Description of problem:
Server side password policies always takes precedence over the policy enabled from client side.

e.g. On setting "ldap_pwd_policy=shadow", the policies defined with
shadow ldap attributes for a user has no effect if password policy
is enabled on the server(openldap).

Version-Release number of selected component (if applicable):

How reproducible:

Comment 2 Jakub Hrozek 2013-09-19 10:54:59 UTC
Upstream ticket:

Comment 3 Jakub Hrozek 2013-09-24 13:11:43 UTC
Fixed upstream:

    master: 56ed2be9a95cb5713ef72c4933e362a36dc7a607
    sssd-1-11: 539fdcebb352722b88a2700f994b1f8b7305b95a

Comment 4 Jakub Hrozek 2013-09-25 23:03:09 UTC
Fixed upstream -> POST

Comment 7 Kaushik Banerjee 2014-07-07 05:45:02 UTC
Verified with sssd-1.11.6-1.el6

man sssd-ldap has the following note:

 Note: if a password policy is configured on server side, it always takes precedence over policy set with this option.

Comment 8 errata-xmlrpc 2014-10-14 04:46:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.