StarlingX

STX: LDAP sudo user not able to login by password

Bug #1806977 reported by Peng Peng
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Austin Sun

Bug Description

Brief Description
-----------------
Create new LDAP user and set password for the new user. Try to login as new user, but failed

Severity
--------
Major

Steps to Reproduce
------------------
1. create a new LDAP user : sudo ldapusersetup
2. set password for new user
3. try to login as new user by password

Expected Behaviour
------------------
login success

Actual Behaviour
----------------
password not working

Reproducibility
---------------
Reproducible 100%
Note: This issue was not seen using loads from master as of 2018-11-19_11-20-07

System Configuration
--------------------
Multi-node system

Branch/Pull Time/Commit
-----------------------
master as of 2018-11-30_20-21-27

Timestamp/Logs
--------------
[2018-12-01 19:05:28,600] 263 DEBUG MainThread ssh.send :: Send 'sudo ldapusersetup'

Password:
[2018-12-01 19:06:43,242] 263 DEBUG MainThread ssh.send :: Send 'new_url6psade0_Li69nux!'
[2018-12-01 19:07:43,401] 263 DEBUG MainThread ssh.send :: Send 'echo $?'
[2018-12-01 19:08:13,530] 360 WARNING MainThread ssh.expect :: No match found for ['.*controller\\-[01][:| ].*\\$ '].
expect timeout.
[2018-12-01 19:08:13,530] 263 DEBUG MainThread ssh.send :: Send 'exit'
[2018-12-01 19:08:15,358] 389 DEBUG MainThread ssh.expect :: Output:
Sorry, try again.
Password:
Sorry, try again.
Password:
sudo: 3 incorrect password attempts

See original description
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Release gating - issue maybe introduced by recent changes for patch reduction in ldap related packages.
Assigning to Cindy's team for further investigation as they introduced changes in this area.

Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.2019.03 stx.security
Changed in starlingx:
assignee: nobody → Cindy Xie (xxie1)
tags: added: stx.distro.other
description: updated
Revision history for this message
Cindy Xie (xxie1) wrote :

Austin, please take priority as this is High bug.

Changed in starlingx:
assignee: Cindy Xie (xxie1) → Austin Sun (sunausti)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-integ (master)

Fix proposed to branch: master
Review: https://review.openstack.org/623972

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-integ (master)

Reviewed: https://review.openstack.org/623972
Committed: https://git.openstack.org/cgit/openstack/stx-integ/commit/?id=ff360aa30a96bf945308282ca61706d09d46129a
Submitter: Zuul
Branch: master

commit ff360aa30a96bf945308282ca61706d09d46129a
Author: Sun Austin <email address hidden>
Date: Mon Dec 10 10:11:43 2018 +0800

    update /etc/pam.d/system-auth content with system-auth.pam

    LDAP sudo user is not able to login by password.
    root cause is that password rules in system-auth is not updated
    correctly because system-auth.apm in pam-config is missed to be
    copied to /etc/pam.d/system-auth

    copy system-auth.pam in pam-config to /etc/pam.d/system-auth to
    solve this issue.

    Closes-Bug: #1806977

    Change-Id: Ic646e30d06bcbe8cf3bf66c903942e4240bd23bd
    Signed-off-by: Sun Austin <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-integ (f/centos76)

Fix proposed to branch: f/centos76
Review: https://review.openstack.org/625068

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-integ (f/centos76)
Download full text (5.7 KiB)

Reviewed: https://review.openstack.org/625068
Committed: https://git.openstack.org/cgit/openstack/stx-integ/commit/?id=e25c1acc9b5c77f1bab00288d74ca6df0a8640c3
Submitter: Zuul
Branch: f/centos76

commit 920fcb818c3dd8b0945e6d7bd2371dfb71790f60
Author: zhipengl <email address hidden>
Date: Wed Dec 12 19:42:40 2018 +0800

    Remove last patch of iscsi-initiator-utils

    As we see in the patch, it changes %dir to %ghost to avoid RPM audit.
    If we move the config file mod change to config package and use RPM
    instead of SRPM, we have no audit issue anymore and can ignore related
    change.
    Deployment test pass and related file check pass!

    Story: 2003768
    Task: 28459
    Depends-on: https://review.openstack.org/#/c/624584/

    Change-Id: Ic23ccd740520e1942b3118a84cb03aef5f388332
    Signed-off-by: zhipengl <email address hidden>

commit 52bef031ac6e52c73a0a6a680b0ef31b99baac71
Author: Alex Kozyrev <email address hidden>
Date: Tue Dec 11 13:42:07 2018 -0500

    Provide a way to set mem_stats_period_seconds in puppet-nova.

    There is no support of mem_stats_period_seconds in puppet-nova now.
    We need to add a way to set it to 0 to disable QEMU memory balloon statistics.
    The intention is to help with cyclictest spikes due to stats collection.

    Depends-On: Iaea1962601755736688f2deb61730ab1d548b8b1
    Change-Id: I1fe3dfede1a5a07ddb5adaff1095206ffe5f6340
    Closes-bug: 1803615
    Signed-off-by: Alex Kozyrev <email address hidden>

commit 01f5fdd274ac0bc02528b4630dacaf3ca10eb27a
Author: Steven Webster <email address hidden>
Date: Wed Dec 5 15:29:33 2018 -0500

    Traffic control: fix TC filters for vlan sub-interface

    Sometime after kernel 3.10.0-514.16.1.X, tc filter commands no longer
    match 802.1q packets when the filter protocol is set to 'ip'.

    This poses a problem for a consolidated (eg. infra w/ vlan over
    management) interface configuration.

    The tc filter will operate properly on the vlan interface, but all
    traffic will go to the default qdisc (low priority) when it arrives
    with a vlan tag at the sub-interface.

    This commit sets the filter protocol to '802.1q' in the case of a
    subinterface with a vlan tagged interface ontop of it.

    Some bashate cleanup has also been done on this file.

    Closes-Bug: #1807055
    Change-Id: I457faa2b56bbd270c104cc0313ffe3cc1bfd4db3
    Signed-off-by: Steven Webster <email address hidden>

commit 2ec4482fc766bd583df422c2df5939a2707c7996
Author: zhipengl <email address hidden>
Date: Tue Dec 11 22:51:33 2018 +0800

    Refactor meta patch for facter package

    Merge 2 meta patches as the first meta patch is just overwritted by
    second one.
    Build pass!

    Story: 2003768
    Task: 28458

    Change-Id: I02ccadafa5381c82bcace340f6c399af38aeecc7
    Signed-off-by: zhipengl <email address hidden>

commit 11a4f7a6964bd96f22a02f3394fc2d62447480fa
Author: Eric MacDonald <email address hidden>
Date: Mon Dec 10 19:02:18 2018 -0500

    Package log_functions.sh into platform-util

    The log_functions.sh script file wa...

Read more...

tags: added: in-f-centos76
Ken Young (kenyis)
tags: added: stx.2019.05
removed: stx.2019.03
Ken Young (kenyis)
tags: added: stx.2.0
removed: stx.2019.05
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.