-
Bug
-
Resolution: Not a Bug
-
dirsrv-11.8
Description of problem:
passwordExpirationTime is changed to the time of bind
Version-Release number of selected component (if applicable):
389-ds-base-1.4.3.37-7.module+el8dsrv+20631+5a3df0a9.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Set pwpolicy as follows:
dsconf... pwpolicy set --pwdmustchange on --pwdwarning 864000 --pwdmaxage 2592000 --pwdexpire on
2. Create a sample user dn:
uid=testuser1,ou=people,dc=example,dc=com
3. Reset userPassword
ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
dn: uid=testuser1,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: password
EOF
4. Set passwordExpirationTime to "current date +10 days"
VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
dn: uid=testuser1,ou=people,dc=example,dc=com
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: $VALUE
EOF
ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
5. BIND with the user
date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
Log sample:
~~~
[root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
> dn: uid=testuser1,ou=people,dc=example,dc=com
> changetype: modify
> replace: userPassword
> userPassword: password
> EOF
modifying entry "uid=testuser1,ou=people,dc=example,dc=com"
[root@8ds0 ~]# VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
[root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
> dn: uid=testuser1,ou=people,dc=example,dc=com
> changetype: modify
> replace: passwordExpirationTime
> passwordExpirationTime: $VALUE
> EOF
modifying entry "uid=testuser1,ou=people,dc=example,dc=com"
[root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
dn: uid=testuser1,ou=people,dc=example,dc=com
passwordExpirationTime: 20240426024422Z
[root@8ds0 ~]# date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
Tue Apr 16 02:44:30 UTC 2024
ldap_bind: Success (0) (Password expires in 864000 seconds)
[root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
dn: uid=testuser1,ou=people,dc=example,dc=com
passwordExpirationTime: 20240426024430Z
[root@8ds0 ~]#
~~~
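passwordExpirationTime is changed from 20240426024422Z to 20240426024430Z. The time-of-day part of the new value is the same as the bind time (02:44:30 UTC); please note that the day part (20240426) is not changed. The new value is exactly the bind time plus 864000 seconds, which is the configured --pwdwarning and matches the "Password expires in 864000 seconds" message returned on the bind. At bind time the password was already 8 seconds inside the warning window. This looks consistent with the server restarting the warning period when it sends the first expiration warning, which would explain the "Not a Bug" resolution.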
Actual results:
passwordExpirationTime is changed.
Expected results:
passwordExpirationTime is not changed.
Additional info: