Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1492830 - password expired control not sent during grace logins. [rhel-7.4.z]
Summary: password expired control not sent during grace logins. [rhel-7.4.z]
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.4
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
Marc Muehlfeld
Depends On: 1464505
TreeView+ depends on / blocked
Reported: 2017-09-18 17:18 UTC by Tom Lavigne
Modified: 2020-12-14 10:06 UTC (History)
9 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Previously, Directory Server did not send the expired password control when an expired password had grace logins left. Consequently, clients could not tell the user that the password was expired or how many grace logins were left. The problem has been fixed. As a result, clients can now tell the user if a password is expired and how many grace logins remain.
Clone Of: 1464505
Last Closed: 2017-10-19 15:11:57 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2932 0 normal SHIPPED_LIVE 389-ds-base bug fix update 2017-10-19 18:48:58 UTC

Description Tom Lavigne 2017-09-18 17:18:59 UTC
This bug has been copied from bug #1464505 and has been proposed
to be backported to 7.4 z-stream (EUS).

Comment 5 Amita Sharma 2017-09-25 08:45:12 UTC
================================================================ test session starts =================================================================
platform linux2 -- Python 2.7.5, pytest-3.2.2, py-1.4.34, pluggy-0.4.0
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-693.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.34', 'pytest': '3.2.2', 'pluggy': '0.4.0'}, 'Plugins': {'html': '1.16.0', 'metadata': '1.5.0'}}
DS build:
nss: 3.28.4-14.el7_4
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-5.el7
svrcore: 4.1.3-2.el7

rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/suites/password, inifile:
plugins: metadata-1.5.0, html-1.16.0
collected 4 items                                                                                                                                     

pwdPolicy_controls_test.py OK group dirsrv exists
OK user dirsrv exists
INFO:lib389.topologies:Instance with parameters {'ldap-port': 38901, 'suffix': 'dc=example,dc=com', 'krb5_realm': None, 'deployed-dir': '/usr', 'inst-backupdir': '/tmp', 'hostname': 'localhost', 'server-id': 'standalone1', 'root-pw': 'password', 'root-dn': 'cn=Directory Manager', 'group-id': None, 'InstScriptsEnabled': None, 'user-id': None, 'ldap-secureport': None} was created.
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Configure password policy with paswordMustChange set to "on"
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Reset userpassword as Directory Manager
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Bind should return ctrl with error code 2 (changeAfterReset)
.INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Configure password policy with grace limit set tot 2
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Change password and wait for it to expire
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Bind and use up one grace login (only one left)
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Use up last grace login, should get control
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:No grace login available, bind should fail, and no control should be returned
.INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Configure password policy
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Change password and get controls
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Warning has been sent, try the bind again, and recheck the expiring time
.INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Configure password policy
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:When the warning is less than the max age, we never send expiring control response
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Turn on sending expiring control regardless of warning
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Check expiring time again
INFO:dirsrvtests.tests.suites.password.pwdPolicy_controls_test:Turn off sending expiring control (restore the default setting)
.Instance slapd-standalone1 removed.

============================================================= 4 passed in 23.31 seconds ==============================================================

Comment 7 errata-xmlrpc 2017-10-19 15:11:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.