[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5979) ppolicy & access log crashes server
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#5979) ppolicy & access log crashes server
- From: hyc@symas.com
- Date: Sat, 28 Feb 2009 03:44:46 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
pgiesin@gmail.com wrote:
> Full_Name: Peter Giesin
> Version: 2.4.13
> OS: Red Hat 5.2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (24.187.213.234)
>
>
> Enabled both accesslog and ppolicy overlays (configurations included below). All
> attempts to bind with an invalid password causes the server to crash and
> database to be corrupted. If you disable either of the overlays or just the
> "logold" setting of the accesslog the behavior is no longer noticed.
Interesting, for me only the first attempt crashed; after restarting the same
attempt just failed normally. Anyway, thanks for the report, this is now fixed
in HEAD.
> overlay ppolicy
> ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
> ppolicy_use_lockout TRUE
> ppolicy_hash_cleartext TRUE
>
> overlay accesslog
> logdb cn=log
> logops all
> logold (objectclass=*)
> logpurge 5+00:00 1+00:00
> logsuccess TRUE
>
> dn: cn=Standard,ou=Policies,dc=amwater,dc=com
> cn: Standard
> description: Standard password policy.
> pwdAttribute: 2.5.4.35
> pwdMinAge: 60
> # 30 days: 60 sec * 60 min * 24 hr * 30 days
> pwdMaxAge: 2592000
> pwdCheckQuality: 1
> pwdMinLength: 7
> # Warn three days in advance
> pwdExpireWarning: 259200
> pwdGraceAuthNLimit: 3
> pwdLockout: TRUE
> pwdLockoutDuration: 1200
> pwdMaxFailure: 3
> pwdFailureCountInterval: 1200
> pwdMustChange: TRUE
> pwdAllowUserChange: TRUE
> pwdSafeModify: TRUE
> objectclass: device
> objectclass: pwdPolicy
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/