Red Hat Directory Server / DIRSRV-66

passwordExpirationTime is changed to the time of bind


      Description of problem:
      passwordExpirationTime is changed to the time of bind

      Version-Release number of selected component (if applicable):
      389-ds-base-1.4.3.37-7.module+el8dsrv+20631+5a3df0a9.x86_64

      How reproducible:
      Always

      Steps to Reproduce:
      1. Set pwpolicy as follows:
      dsconf... pwpolicy set --pwdmustchange on --pwdwarning 864000 --pwdmaxage 2592000 --pwdexpire on

      2. Create a sample user dn:
      uid=testuser1,ou=people,dc=example,dc=com

      3. Reset userPassword
      ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
      dn: uid=testuser1,ou=people,dc=example,dc=com
      changetype: modify
      replace: userPassword
      userPassword: password
      EOF

      4. Set passwordExpirationTime to "current date +10 days"
      VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
      ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
      dn: uid=testuser1,ou=people,dc=example,dc=com
      changetype: modify
      replace: passwordExpirationTime
      passwordExpirationTime: $VALUE
      EOF
      ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime

      5. BIND with the user
      date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
      ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime

      Log sample:
      ~~~
      [root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << 'EOF'
      > dn: uid=testuser1,ou=people,dc=example,dc=com
      > changetype: modify
      > replace: userPassword
      > userPassword: password
      > EOF
      modifying entry "uid=testuser1,ou=people,dc=example,dc=com"

      [root@8ds0 ~]# VALUE=$(date -u -d '10days' +"%Y%m%d%H%M%S")Z
      [root@8ds0 ~]# ldapmodify -x -h localhost -D "cn=Directory Manager" -w redhat11 << EOF
      > dn: uid=testuser1,ou=people,dc=example,dc=com
      > changetype: modify
      > replace: passwordExpirationTime
      > passwordExpirationTime: $VALUE
      > EOF
      modifying entry "uid=testuser1,ou=people,dc=example,dc=com"

      [root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
      dn: uid=testuser1,ou=people,dc=example,dc=com
      passwordExpirationTime: 20240426024422Z

      [root@8ds0 ~]# date -u; ldapsearch -xLLL -h localhost -D "uid=testuser1,ou=people,dc=example,dc=com" -w password uid=testuser1 -e ppolicy cn
      Tue Apr 16 02:44:30 UTC 2024
      ldap_bind: Success (0) (Password expires in 864000 seconds)
      [root@8ds0 ~]# ldapsearch -xLLL -h localhost -D "cn=Directory Manager" -w redhat11 uid=testuser1 passwordExpirationTime
      dn: uid=testuser1,ou=people,dc=example,dc=com
      passwordExpirationTime: 20240426024430Z

      [root@8ds0 ~]#
      ~~~
      passwordExpirationTime is changed from 20240426024422Z to 20240426024430Z, the time part of which is the same as the bind time. Please note the day part (20240426) is not changed.

      Actual results:
      passwordExpirationTime is changed.

      Expected results:
      passwordExpirationTime is not changed.

      Additional info:

              idm-ds-dev-bugs IdM DS Dev
              rhn-support-msugaya Muneaki Sugaya
              James Chapman
              IdM DS QE IdM DS QE
              Evgenia Martyniuk Evgenia Martyniuk
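The following check is an added example, not part of the original report and not code from 389-ds-base. It compares the two passwordExpirationTime values from the log sample with the bind time and the `--pwdwarning` value from step 1; with the report's values the post-bind expiration equals the bind time plus 864000 seconds. The function names are hypothetical and GNU `date` is assumed.

```shell
#!/bin/sh
# Added example: compare passwordExpirationTime before and after a bind.
# Timestamps are LDAP GeneralizedTime in UTC (YYYYmmddHHMMSSZ). GNU date assumed.

# gt_to_epoch GENERALIZED_TIME -> epoch seconds; fails on malformed input.
gt_to_epoch() {
    iso=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9]\{4\}\)\([0-9]\{2\}\)\([0-9]\{2\}\)\([0-9]\{2\}\)\([0-9]\{2\}\)\([0-9]\{2\}\)Z$/\1-\2-\3 \4:\5:\6/p')
    [ -n "$iso" ] || return 1
    date -u -d "$iso" +%s
}

# expiry_drift BEFORE AFTER -> seconds the attribute moved across the bind.
expiry_drift() {
    b=$(gt_to_epoch "$1") || return 2
    a=$(gt_to_epoch "$2") || return 2
    echo $((a - b))
}

# classify_expiry BEFORE AFTER BIND_TIME WARNING_SECONDS
# Prints unchanged, bind-plus-warning, changed-other or invalid.
classify_expiry() {
    before=$(gt_to_epoch "$1") || { echo invalid; return 2; }
    after=$(gt_to_epoch "$2") || { echo invalid; return 2; }
    bind=$(gt_to_epoch "$3") || { echo invalid; return 2; }
    warning=$4
    if [ "$after" -eq "$before" ]; then
        echo unchanged
    elif [ "$after" -eq $((bind + warning)) ]; then
        # New expiration is exactly bind time + warning window.
        echo bind-plus-warning
    else
        echo changed-other
    fi
}

# Values taken from the log sample: expiration before the bind, expiration
# after the bind, bind time from "date -u", and --pwdwarning from step 1.
classify_expiry 20240426024422Z 20240426024430Z 20240416024430Z 864000
expiry_drift 20240426024422Z 20240426024430Z
```

Running the same comparison with a passwordExpirationTime set further out than the warning window would show whether the rewrite only happens when the bind falls inside that window.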