Bug 621262 - Creating new user does not consult min_new_user_len
Summary: Creating new user does not consult min_new_user_len
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server   
(Show other bugs)
Version: 530
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: Martin Korbel
Depends On:
Blocks: sat560-lowbug
TreeView+ depends on / blocked
Reported: 2010-08-04 15:43 UTC by Matthew Davis
Modified: 2018-11-27 19:23 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-10-01 21:56:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Matthew Davis 2010-08-04 15:43:37 UTC
From /etc/rhn/default/rhn_server.conf

     # New usernames
     # min_user_len is used for sanity checks on the username upon authentication;
     # min_new_user_len is the minimum user length for new users
     # For legacy reasons, we need two different checks
     min_new_user_len = 5

This is a false statement.

From CreateUserCommand.java

        if (login.length() < Config.get().getInt("min_user_len")) {
            errors.add(new ValidatorError("error.minlogin",

As you can see min_new_user_len is never consulted.

So, either consult it with something like

if (login.length() < Config.get().getInt("min_user_len") || login.length() < Config.get().getInt("min_new_user_len")) {

Or remove the reference to min_new_user_len.  The very little searching I did, returned no other references to that value.  So it should be ok to remove so there is no confusion in the future.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Set min_new_user_len to 3 in /etc/rhn/rhn.conf
2. Restart services
3. Try to create a user with a login of 3 characters
Actual results:

Expected results:

Comment 1 Rich Shappard 2011-02-01 21:51:24 UTC
This is effecting our implementation of Satellite as well.  Our LDAP uses 4 character logins and we can't integrate Satellite with the rest of our infrastructure.

Comment 2 Matthew Davis 2011-02-01 22:03:25 UTC
It should be noted, that the new user code does consult min_user_len, but not min_new_user_len (as one may imagine due to the name of the variable). So as a workaround, I've had to set min_new_user_len & min_user_len to the values required.

Comment 3 Rich Shappard 2011-02-01 22:14:20 UTC
For reference, changing the min_user_len value in /etc/rhn/default/rhn_server.conf does not affect this behavior.

min_user_len   = 3
min_new_user_len = 3

I found web.min_user_len in /etc/rhn/default/rhn_web.conf, changed it to 3, restarted satellite and it works.

Comment 4 Jan Pazdziora 2013-03-15 11:01:03 UTC
Please note that any customizations should be done in /etc/rhn/rhn.conf only, not in the */default/*.conf files.

Comment 5 Jan Pazdziora 2013-03-15 11:02:09 UTC
I've now removed the option min_new_user_len from rhn_server.conf in Spacewalk master, 7adfcb1e3f02428ce18b40ec417aad1668085b47.

Comment 6 Martin Korbel 2013-09-24 08:02:00 UTC
VERIFIED on Satellite-5.6.0-RHEL6-re20130917.0

Steps of reproduce Sat-5.6.0: 
1. Check default value:
> export PASSWD="xxx"
> spacewalk-api --server localhost --user=admin --password=$PASSWD user.create "%session%" aa "123456" "XXX" "YYY" "xxx@localhost"
"Logins must be no shorter than 3 characters."

2. change defaults values in /etc/rhn/rhn.conf:
> echo "min_user_len     = 6" >> /etc/rhn/rhn.conf
> echo "min_new_user_len = 7" >> /etc/rhn/rhn.conf

3. run this command
> spacewalk-api --server localhost --user=admin --password=$PASSWD user.create "%session%" aa "123456" "XXX" "YYY" "xxx@localhost"
"Logins must be no shorter than 6 characters."

Steps of reproduce Sat-5.4.1: 
1. Check default value:
> export PASSWD="xxx"
> spacewalk-api --server localhost --user=admin --password=$PASSWD user.create "%session%" aa "123456" "XXX" "YYY" "xxx@localhost"
"Logins must be no shorter than 5 characters."

2. change rhn.conf
> echo "min_user_len     = 6" >> /etc/rhn/rhn.conf
> echo "min_new_user_len = 7" >> /etc/rhn/rhn.conf

3. run this command
> spacewalk-api --server localhost --user=admin --password=$PASSWD user.create "%session%" aa "123456" "XXX" "YYY" "xxx@localhost"
"Logins must be no shorter than 6 characters."

Comment 7 Martin Korbel 2013-09-24 08:04:14 UTC
FIX steps of reproduce, 
add step 1.1 for both situations
1.1 restart satellite
> rhn-satellite restart

Comment 8 Clifford Perry 2013-10-01 21:56:30 UTC
Satellite 5.6 has been released. This bug was tracked under the release.  

This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly
before release). 


Text from Upgrade Erratum follows:

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.