| Thread Previous • Date Previous • Date Next • Thread Next |
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1528676
Title:
OpenLDAP password policy not enforced for password changes
Status in OpenStack Identity (keystone):
New
Status in OpenStack Security Advisory:
Incomplete
Bug description:
Hello there,
I'm on Ubuntu 14.04.3, Openstack Juno and OpenLDAP v2.4.31 releases.
I configured OpenLDAP as an identity backend for Keystone and configured it according to official documentation from:
http://docs.openstack.org/developer/keystone/configuration.html
I'd like my users to be able to change their own passwords, but at the same time OpenLDAP password policy to be enforced upon password changes. I've set to true all allow_creates, allow_updates and allow_deletes not to be restricted in any way by keystone.
The problem is the following: RootDN account is used for binding when the user is changing his/her password. OpenLDAP password policy is not enforced when RootDN performs the password change. As a result, no password policy is enforced during password change.
If I don't set LDAP user/password in keystone.conf, then users cannot change their own passwords at all.
Please recommend how I can allow the users to change their own passwords and at the same time enforce OpenLDAP password policy.
Thank you,
Nodir
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1528676/+subscriptions
| Thread Previous • Date Previous • Date Next • Thread Next |
