Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: dirsrv-12.5
Affects Version/s: dirsrv-11.8
Component/s: 389-ds-base
Labels:
None

Severity:
None

Pool Team:

rhel-sst-idm-ds

Story Points:
0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Errata Link:
https://errata.engineering.redhat.com/advisory/136844
Test Coverage:
None

Release Note Type:
Bug Fix
Release Note Text:

Hide
.{DS} now updates the password history for pre-hashed passwords as expected

Previously, when you updated your password with a hashed value, the updated password hash was not listed in your password history. With this update, the issue has been fixed, and both hashed and non-hashed password updates are now listed in the password history.

Show
.{DS} now updates the password history for pre-hashed passwords as expected Previously, when you updated your password with a hashed value, the updated password hash was not listed in your password history. With this update, the issue has been fixed, and both hashed and non-hashed password updates are now listed in the password history.

Bugzilla Bug:
RHBZ: 2257814

PX Impact Score:
PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:
passwordHistory is not updated by with a pre-hashed password

Version-Release number of selected component (if applicable):
389-ds-base-1.4.3.37-7.module+el8dsrv+20631+5a3df0a9.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add "uid=testuser,ou=people,dc=example,dc=com" with userPassword: <Password1>.
2. Run the followins.

dsconf ... pwpolicy set --pwdhistory on
dsconf ... config replace nsslapd-allow-hashed-passwords=on
ldapmodify -x -D "cn=Directory Manager" -w <Password> << 'EOF'
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="objectClass || description || uid || displayName || loginShell || uidNumber || gidNumber || gecos || homeDirectory || cn || memberOf || mail")(version 3.0; acl "Enable all read"; allow (read, search, compare)(userdn="ldap:///all");)
aci: (targetattr="userPassword")(version 3.0; acl "Enable self partial modify"; allow (write)(userdn="ldap:///self");)
EOF
pwdhash -s PBKDF2_SHA256 <Password2>
ldapmodify -x -D uid=testuser,ou=people,dc=example,dc=com -w <Password1>  << 'EOF'
dn: uid=testuser,ou=people,dc=example,dc=com
changetype: modify
replace: userpassword
userpassword: {PBKDF2_SHA256}...
EOF
ldapsearch ... uid=testuser passwordHistory

Actual results:
passwordHistory is not updated.

Expected results:
passwordHistory is updated.

Additional info:

external trackers

Github 389ds/389-ds-base/issues/6092

Red Hat Customer Portal 03706160

Red Hat Issue Tracker IDMDS-4086

links to

RHBA-2024:136844 redhat-ds:12 bug fix update

Assignee:: IdM DS Dev

Reporter:: Muneaki Sugaya

QA Contact:: IdM DS QE

Doc Contact:: Evgenia Martyniuk

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/01/11 7:05 AM

Updated:: 2024/11/19 11:35 AM

Resolved:: 2024/11/19 11:35 AM

Release Date:: 2024/11/19

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates