SIMP 6.3.2-0 SSSD issues

4 views
Skip to first unread message

Dylan Cochran

unread,
Feb 22, 2019, 12:33:59 PM2/22/19
to simp-...@googlegroups.com
Users who have downloaded and installed SIMP 6.3.2-0 from either the pre-release ISOs or Tarballs may encounter an issue with SSSD. Please see the below workaround for the issue which will be fixed in the SIMP 6.3.3-0 release:

For users that may have been changing passwords directly via LDIFs, the added default of rejecting shadow passwords instead of forcing a renewal has proven to be too aggressive for production defaults and should be changed to pwd_expire_policy_renew.

Users can temporarily change the values of the SIMP provided defaults using a resource collector as follows:

SSSD::Domain <| title == 'LDAP' |> {
  'ldap_access_order' => ['ppolicy','pwd_expire_policy_renew']
}

Alternatively, users may set simp::sssd::client::ldap_domain: false in Hiera and set their own SSSD Domain information in a manner similar to what is defined in the simp::sssd::client class.


Any new information and comments will be added directly to the ticket, which can be tracked here: https://simp-project.atlassian.net/browse/SIMP-6152

--

OnyxPoint-logo-symbol-primary.png


Dylan Cochran
SIMP Enterprise Technical Lead

Onyx Point, Inc.
e: dylan....@onyxpoint.com
w/c: 410-350-9322 (preferred)


COMPANYCAREERSSIMPMeetupsBLOG

Reply all
Reply to author
Forward
0 new messages