10:25 a.m.
I'm running SSSD 1.8.6-0ubuntu0.3 on Ubuntu 12.04 and I've hit this bug
https://bugs.launchpad.net/debian/+source/sssd/+bug/1415545, basically if
you set ldap_pwd_policy=shadow and you don't have the ppolicy overlay on
your ldap server it breaks changing passwords.
I'm just wondering if this is fixed in a later version, in which chase I"ll
have to backport it / patch 1.8.6 or if anyone knows are work around for
the problem.
10:30 a.m.
Stephen Johnson wrote:
I'm running SSSD 1.8.6-0ubuntu0.3 on Ubuntu 12.04 and I've
hit this bug
https://bugs.launchpad.net/debian/+source/sssd/+bug/1415545, basically if
you set ldap_pwd_policy=shadow and you don't have the ppolicy overlay on
your ldap server it breaks changing passwords.
Hmm, OpenLDAP's slapo-ppolicy and using shadowAccount attributes have nothing
to do with each other. So I suspect that things got confused in the above
mentioned bug report.
Ciao, Michael.
10:42 a.m.
It's strange if I set
ldap_chpass_update_last_change = true
You can change the password and shadowLastChange get's updated but you
don't get password expiry warnings or account lockouts.
If you set
ldap_pwd_policy = shadow
and ldap_chpass_update_last_change = true
or
ldap_pwd_policy = shadow
ldap_chpass_update_last_change = false
The user can't change their password but I don't get password expiry
warning and account lockouts.
On Wed, Jan 28, 2015 at 4:30 PM, Michael Ströder <michael(a)stroeder.com>
wrote:
Stephen Johnson wrote:
> I'm running SSSD 1.8.6-0ubuntu0.3 on Ubuntu 12.04 and I've hit this bug
> https://bugs.launchpad.net/debian/+source/sssd/+bug/1415545, basically
if
> you set ldap_pwd_policy=shadow and you don't have the ppolicy overlay on
> your ldap server it breaks changing passwords.
Hmm, OpenLDAP's slapo-ppolicy and using shadowAccount attributes have
nothing
to do with each other. So I suspect that things got confused in the above
mentioned bug report.
Ciao, Michael.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
3373
days inactive
3373
days old
sssd-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Michael Ströder -
Stephen Johnson