Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sdap: respect passwordGracelimit #621

Closed
wants to merge 1 commit into from
Closed

sdap: respect passwordGracelimit #621

wants to merge 1 commit into from

Conversation

fidencio
Copy link
Contributor

Since recent changes in 389-ds two response controls are end when
passwordGracelimit is set and about to expire:

  • [1.3.6.1.4.1.42.2.27.8.5.1] for the GraceLimit itself
  • [2.16.840.1.113730.3.4.4] for the PasswordExpired

Whenever the former is returned and the GraceLimit is still valid, we
shouldn't report the latter to the users.

Resolves:
https://pagure.io/SSSD/sssd/issue/3597

Signed-off-by: Fabiano Fidêncio fidencio@redhat.com

jhrozek
jhrozek reviewed Jul 20, 2018
View reviewed changes
src/providers/ldap/sdap_async_connection.c Outdated
/* ... and that's the reason why we have to set
* on_grace_login_limit to true here! ...
*/
on_grace_login_limit = pp_grace >= 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a block which evaluates pp_grace >= 0 below, do you think it makes sense to move setting on_grace_login_limit=true there? Or did you want the variable to be set to false as well explicitly?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we add the check on the if, for cases where pp_grace < 0 we won't set on_grace_login_limit to false.

I thought about it, but then we'd have to, most likely, add an else there and it would make the code less clear.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alternatively, set the variable to false where the pp_grace >= 0 is now and only to true in the block where pp_grace is already tested for >=0

@fidencio
sdap: respect passwordGracelimit
79d5e2d 
Since recent changes in 389-ds two response controls are end when
passwordGracelimit is set and about to expire:
- [1.3.6.1.4.1.42.2.27.8.5.1] for the GraceLimit itself
- [2.16.840.1.113730.3.4.4] for the PasswordExpired

Whenever the former is returned and the GraceLimit is still valid, we
shouldn't report the latter to the users.

Resolves:
https://pagure.io/SSSD/sssd/issue/3597

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
jhrozek
jhrozek approved these changes Jul 20, 2018
View reviewed changes
Copy link
Contributor

@jhrozek jhrozek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This version of the patch looks good to me.

@jhrozek
Copy link
Contributor

jhrozek commented Jul 20, 2018

before adding the accepted label I will run some downstream tests

@jhrozek jhrozek self-assigned this Jul 20, 2018
@jhrozek
Copy link
Contributor

jhrozek commented Jul 26, 2018

@jhrozek jhrozek closed this Jul 26, 2018
@jhrozek jhrozek added the Pushed label Jul 26, 2018
@pbrezina pbrezina mentioned this pull request Apr 28, 2020
Closed
This was referenced May 2, 2020
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhrozek jhrozek jhrozek approved these changes

Assignees

@jhrozek jhrozek

Labels
Accepted Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@fidencio @jhrozek