If the password policy is set to store no history (hostory=0) then whenever a password is set a bogus log entry is created on 389-ds reporting "failed to generate new password history!?" It fails to generate history because policy tells it not to. This patch will suppress the message.

See the ticket for more reproduction details, c#4.

>From 4d4c8b5aa41816fe014c061e0b7d18d750b38385 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 20 Jul 2012 14:07:23 -0400
Subject: [PATCH] Don't generate password history error if history is set to

 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index c36189987f785de8e8e97737554b854539b83ea2..cac8bf45f3770e102c49735335066b7bc761dba2 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -948,7 +948,7 @@ Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,
                                       pwd_history, &new_pwd_history, &n);
-    if (ret) {
+    if (ret && data->policy.history_length) {
         LOG_FATAL("failed to generate new password history!\n");
         goto done;

Freeipa-devel mailing list

Reply via email to