Agreed on class D, I closed the OSSA task, this could be re-opened
whenever the situation changes.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1528676
Title:
OpenLDAP password policy not enforced for password changes
Status in OpenStack Identity (keystone):
New
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
Hello there,
I'm on Ubuntu 14.04.3, Openstack Juno and OpenLDAP v2.4.31 releases.
I configured OpenLDAP as an identity backend for Keystone and configured it
according to official documentation from:
http://docs.openstack.org/developer/keystone/configuration.html
I'd like my users to be able to change their own passwords, but at the same
time OpenLDAP password policy to be enforced upon password changes. I've set to
true all allow_creates, allow_updates and allow_deletes not to be restricted in
any way by keystone.
The problem is the following: RootDN account is used for binding when the
user is changing his/her password. OpenLDAP password policy is not enforced
when RootDN performs the password change. As a result, no password policy is
enforced during password change.
If I don't set LDAP user/password in keystone.conf, then users cannot change
their own passwords at all.
Please recommend how I can allow the users to change their own passwords and
at the same time enforce OpenLDAP password policy.
Thank you,
Nodir
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1528676/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
