New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix password expiration related shadow attributes #2141
Comments
Comment from gordonmessmer at 2017-01-06 22:30:18 attachment |
Comment from firstyear (@Firstyear) at 2017-01-08 08:22:18 Hi, Sorry for misunderstanding your issue on the mailing list. I know we use "long long" in the code here, but try to use PRUint64 or PRInt64. We should avoid this old and confusing syntax, and new code should use the modern types. Can you give us the example steps you took to test and assert the new patches functionality so that we can create a python test case to prevent regressions? |
Comment from gordonmessmer at 2017-01-08 09:15:02 No testing has been done as of yet. These patches are merely suggestions. In this case, that shadowMin, shadowMax, and shadowWarning should only be auto-filled if the equivalent settings have a value on the directory server, and that shadowMax and shadowWarning should only be set if password expiration is enabled. |
Comment from nhosoi (@nhosoi) at 2017-01-12 05:17:08 git patch file (master) |
Comment from nhosoi (@nhosoi) at 2017-01-12 05:17:53 git patch file (master) -- CI test; adjusting the test case |
Comment from nhosoi (@nhosoi) at 2017-01-12 05:23:05 Hello, Gordon. Could you please review the attached patch 0002-Ticket-49082-Fix-password-expiration-related-shadow-.patch? I slightly modified your original patch not to update unless "shadowval" was retrieved. Thanks. |
Comment from nhosoi (@nhosoi) at 2017-01-12 05:28:20 Hi William,
I did not change "long long shadowval", which is supposed to have the same type as pwpolicy->pw_minage, pwpolicy->pw_maxage, etc. (unless we cast or change the type of pwpolicy->pw_...). If we want to do that, I think we'd better do that in a new ticket.
I updated ticket548_test.py to adjust the new behaviour. Thanks! |
Comment from gordonmessmer at 2017-01-12 05:48:53 Looks good to me. |
Comment from firstyear (@Firstyear) at 2017-01-12 05:50:02 Thanks Gordon for clarifying our misunderstanding of this attribute :) |
Comment from gordonmessmer at 2017-02-11 23:03:01 Metadata Update from @gordonmessmer:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49082
Shadow attributes (in /etc/shadow and in LDAP) are typically unset when no policy is in place. 389-ds will incorrectly return values (possibly set to 0) when there is no policy.
Only auto-fill shadow attributes when a password policy is available. These are empty when no policy is in place.
Don't auto-fill expiration related shadow attributes if passwords never expire.
The text was updated successfully, but these errors were encountered: