(ITS#4516) Rebinding in the same conn confuses ppolicy overlay



Full_Name: Andreas Hasenack
Version: 2.3.21
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.99)


I have a user with pwdReset: TRUE and the policy for that user has
pwdMustChange: TRUE. While testing this I found out that the following happens
if done in this order in the same connection:

1) bind anon, do a search: works
2) bind as that user, do a search: fails (expected)
3) rebind as anon, do a search: fails with the same error as (2) (not expected)

Logs:
May  2 10:58:15 cs4 slapd[2588]: conn=75 fd=30 ACCEPT from IP=10.0.2.177:32948 (IP=0.0.0.0:389)
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=0 BIND dn="" method=128
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=0 RESULT tag=97 err=0 text=
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=2 BIND dn="uid=fulano,ou=people,dc=example,dc=com" method=128
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=2 BIND dn="uid=fulano,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=2 RESULT tag=97 err=0 text=
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=3 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=4 BIND anonymous mech=implicit ssf=0
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=4 BIND dn="" method=128
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=4 RESULT tag=97 err=0 text=
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=5 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=5 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
May  2 10:58:15 cs4 slapd[2588]: conn=75 op=6 UNBIND
May  2 10:58:15 cs4 slapd[2588]: conn=75 fd=30 closed
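
Added example (not part of the original report, and not OpenLDAP code): a slapd log check for the symptom reported above. It tracks the bound identity per connection and flags the password-policy restriction error when it is returned to an anonymous identity, which has no entry and therefore no pwdReset. Assumptions: the function name is made up for this example, the sample log is abridged from the one in the report, and each log entry sits on a single line.

```python
import re

# Abridged from the log in the report: syslog prefix dropped, wrapped lines joined.
SAMPLE_LOG = '''\
conn=75 op=0 BIND dn="" method=128
conn=75 op=0 RESULT tag=97 err=0 text=
conn=75 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=75 op=2 BIND dn="uid=fulano,ou=people,dc=example,dc=com" method=128
conn=75 op=2 RESULT tag=97 err=0 text=
conn=75 op=3 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
conn=75 op=4 BIND dn="" method=128
conn=75 op=4 RESULT tag=97 err=0 text=
conn=75 op=5 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
'''

BIND_REQ = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=')
RESULT = re.compile(r'conn=(\d+) op=(\d+) (?:\w+ )?RESULT tag=(\d+) err=(\d+)')
RESTRICTED = "Operations are restricted"  # ppolicy text seen in the report's log

def find_stale_restrictions(log_text):
    """Return (conn, op) pairs where an anonymous identity hit the ppolicy restriction."""
    pending = {}   # (conn, op) -> DN requested by a BIND that has no RESULT yet
    identity = {}  # conn -> DN of the last completed bind ("" means anonymous)
    hits = []
    for line in log_text.splitlines():
        m = BIND_REQ.search(line)
        if m:
            pending[(m[1], m[2])] = m[3].lower()
            continue
        m = RESULT.search(line)
        if not m:
            continue
        conn, op, tag, err = m[1], m[2], m[3], int(m[4])
        if tag == "97":  # BindResponse
            dn = pending.pop((conn, op), None)
            if dn is not None:
                # A failed bind leaves the connection anonymous (RFC 4513).
                identity[conn] = dn if err == 0 else ""
        elif err == 50 and RESTRICTED in line and identity.get(conn) == "":
            hits.append((int(conn), int(op)))
    return hits

if __name__ == "__main__":
    for conn, op in find_stale_restrictions(SAMPLE_LOG):
        print(f"conn={conn} op={op}: restriction applied to an anonymous bind")
```

Connections whose first bind is not in the log are skipped, since their identity is unknown.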