(ITS#4516) Rebinding in the same conn confuses ppolicy overlay
Full_Name: Andreas Hasenack
Version: 2.3.21
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.99)
I have a user with pwdReset: TRUE and the policy for that user has
pwdMustChange: TRUE. While testing this I found out that the following happens
if done in this order in the same connection:
1) bind anon, do a search: works
2) bind as that user, do a search: fails (expected)
3) rebind as anon, do a search: fails with the same error as (2) (not expected)
Logs:
May 2 10:58:15 cs4 slapd[2588]: conn=75 fd=30 ACCEPT from IP=10.0.2.177:32948 (IP=0.0.0.0:389)
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=0 BIND dn="" method=128
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=0 RESULT tag=97 err=0 text=
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=2 BIND dn="uid=fulano,ou=people,dc=example,dc=com" method=128
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=2 BIND dn="uid=fulano,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=2 RESULT tag=97 err=0 text=
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=3 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=4 BIND anonymous mech=implicit ssf=0
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=4 BIND dn="" method=128
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=4 RESULT tag=97 err=0 text=
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=5 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(uid=fulano))"
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=5 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
May 2 10:58:15 cs4 slapd[2588]: conn=75 op=6 UNBIND
May 2 10:58:15 cs4 slapd[2588]: conn=75 fd=30 closed
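
A log check for the symptom reported above, as an added example that is not part of the original report or of OpenLDAP: it tracks the bound DN per connection in slapd's log and flags err=50 "Operations are restricted" results returned while the connection is bound anonymously. The function name and the abridged sample (the report's conn=75 lines with the syslog prefix and SRCH lines dropped) are constructed for illustration.

```python
import re

# Constructed sample: the report's conn=75 log, abridged (no syslog prefix, no SRCH lines).
SAMPLE_LOG = '''\
conn=75 op=0 BIND dn="" method=128
conn=75 op=0 RESULT tag=97 err=0 text=
conn=75 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=75 op=2 BIND dn="uid=fulano,ou=people,dc=example,dc=com" method=128
conn=75 op=2 BIND dn="uid=fulano,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
conn=75 op=2 RESULT tag=97 err=0 text=
conn=75 op=3 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
conn=75 op=4 BIND anonymous mech=implicit ssf=0
conn=75 op=4 BIND dn="" method=128
conn=75 op=4 RESULT tag=97 err=0 text=
conn=75 op=5 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
conn=75 op=6 UNBIND
'''

# re.search is used throughout, so a leading syslog prefix on each line is tolerated.
BIND_REQ = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=')
BIND_RES = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
RESTRICTED = re.compile(
    r'conn=(\d+) op=(\d+) .*RESULT tag=\d+ err=50 .*text=Operations are restricted')

def find_stale_restrictions(lines):
    """Return (conn, op) for restricted results sent on an anonymously bound connection."""
    pending = {}  # (conn, op) -> DN named in a BIND request that has no result yet
    bound = {}    # conn -> DN of the current bind ("" = anonymous, None = unknown)
    hits = []
    for line in lines:
        if m := BIND_REQ.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := BIND_RES.search(line):
            dn = pending.pop((m[1], m[2]), None)
            # A failed bind leaves the LDAP session anonymous (RFC 4511, section 4.2.1).
            bound[m[1]] = dn if m[3] == "0" else ""
        elif m := RESTRICTED.search(line):
            # Anonymous has no password to change, so this restriction is left over
            # from an earlier identity. Connections in an unknown state are skipped.
            if bound.get(m[1]) == "":
                hits.append((int(m[1]), int(m[2])))
    return hits

if __name__ == "__main__":
    for conn, op in find_stale_restrictions(SAMPLE_LOG.splitlines()):
        print(f"conn={conn} op={op}: restricted result while bound as anonymous")
```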