Bug 1138775 – Password migration is broken

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1138775 - Password migration is broken

Summary:	Password migration is broken

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Martin Kosek
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2014-09-05 11:29 EDT by Martin Kosek
Modified:	2015-03-05 05:13 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:	ipa-4.0.3-1.el7
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-05 05:13:33 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
verification steps with console output (2.96 KB, text/plain) 2015-01-07 05:14 EST, Kaleem	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0442	normal	SHIPPED_LIVE	Moderate: ipa security, bug fix, and enhancement update	2015-03-05 09:50:39 EST

Groups: None (edit)

Description Martin Kosek 2014-09-05 11:29:54 EDT

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4450

From https://www.redhat.com/archives/freeipa-users/2014-July/msg00081.html

{{{
$ ipa user-add "bill.mathews" --last="Mathews" --first="William" --email="blah" --phone="xxx-yyy-zzzz" --setattr userpassword="{SHA}bunchajunka" --setattr o="University of Tweedle" --gidnumber=65534 --uid=2000063
}}}

And I get:

ERROR: Constraint violation: invalid password syntax - passwords with
storage scheme are not allowed

Seems to be caused by https://fedorahosted.org/389/ticket/47389 and
fixed by https://fedorahosted.org/389/ticket/47753 which is not yet in a
release AFAICT.

It may be that a 389-ds release fixes this but IPA should have some sort of test or CI to verify that migration is working prior to release.

Comment 1 Martin Kosek 2014-09-05 12:15:10 EDT

Fixed upstream:

master:
15eb343b9c235a1ca3a6cc48f730590949d439ec Allow hashed passwords in DS

ipa-4-1:
15eb343b9c235a1ca3a6cc48f730590949d439ec Allow hashed passwords in DS

ipa-4-0:
47825306169b941902a443b01ac5a51991dcfb95 Allow hashed passwords in DS

Comment 3 Kaleem 2015-01-07 05:14:27 EST

Created attachment 977184 [details]
verification steps with console output

Verified.

IPA Version:
============
[root@ipaqavmd ipa-tests]# rpm -q ipa-server
ipa-server-4.1.0-13.el7.x86_64
[root@ipaqavmd ipa-tests]# 

Please see the attached file for console output.

Comment 5 errata-xmlrpc 2015-03-05 05:13:33 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Note You need to log in before you can comment on or make changes to this bug.