LDAP user is not prompted to change password on first login
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Andy |
Bug Description
Brief Description
-----------------
LDAP user is not prompted to change password on first login
Severity
--------
Major
Steps to Reproduce
------------------
1. Create an LDAP user:
controller-0:~$ sudo ldapusersetup
Enter username to add to LDAP: ldapuser25
Successfully added user ldapuser25 to LDAP
Successfully set password for user ldapuser25
Add ldapuser25 to sudoer list? (yes/NO): NO
Add ldapuser25 to secondary user group? (yes/NO): NO
Enter days after which user password must be changed [90]: 90
Error modifying user entry uid=ldapuser25,
Updating password expiry to 90 days
Enter days before password is to expire that user is warned [2]: 2
Error modifying user entry uid=ldapuser25,
Updating password expiry to 2 days
2. Log in to controller-1 with the LDAP user:
controller-0:~$ ssh -l ldapuser25 -o UserKnownHostsF
The authenticity of host 'controller-1 (abcd:204::3)' can't be established.
ECDSA key fingerprint is SHA256:
ECDSA key fingerprint is MD5:07:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'controller-
Release 22.06
-------
W A R N I N G *** W A R N I N G *** W A R N I N G *** W A R N I N G ***
-------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security. Monitoring includes active
attacks by authorized personnel and their entities to test or verify the
security of the system. During monitoring, information may be examined,
recorded, copied and used for authorized purposes. All information including
personal information, placed on or sent over this system may be monitored. Uses
of this system, authorized or unauthorized, constitutes consent to monitoring
of this system. Unauthorized use may subject you to criminal prosecution.
Evidence of any such unauthorized use collected during monitoring may be used
for administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.
Permission denied, please try again.
ldapuser25@
Creating directory '/home/ldapuser25'.
Last login: Mon May 9 19:10:09 2022 from abcd:204::2
/etc/motd.
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.
Expected Behavior
-----------------
On first login, the LDAP user is asked to change the password
Actual Behavior
----------------
On first login, the LDAP user is not prompted to change the password
Also notice there are errors when creating the LDAP user.
Reproducibility
---------------
Reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
STX latest
Last Pass
---------
Unknown
Timestamp/Logs
--------------
See "Steps to Reproduce".
Test Activity
-------------
Developer Testing
Workaround
----------
N/A
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.7.0 stx.security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/841630