OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/8564
Full headers

From: bhalsema@purdue.edu
Subject: ppolicy overlay and MMR delta-sync lost sync on switching to REFRESH
Compose comment
Download message
State:
0 replies:
2 followups: 1 2

Major security issue: yes  no

Notes:

Notification:


Date: Mon, 09 Jan 2017 15:55:35 +0000
From: bhalsema@purdue.edu
To: openldap-its@OpenLDAP.org
Subject: ppolicy overlay and  MMR delta-sync lost sync on switching to REFRESH
Full_Name: Beth Halsema
Version: 2.4.44
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.210.177.153)


The ppolicy overlay attempts to perform an LDAP_MOD_DELETE on attributes that
have already been removed via a SLAP_MOD_SOFTDEL.  This results in an error like
the following:

bdb_modify_internal: 16 modify/delete: pwdGraceUseTime: no such attribute
bdb_modify: modify failed (16)
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=16 matched="" text="modify/delete: pwdGraceUseTime: no
such attribute"
null_callback : error code 0x10
slap_graduate_commit_csn: removing 0x7f38bc11c4c0
20170106184533.027966Z#000000#001#000000
syncrepl_message_to_op: rid=001 be_modify uid=nd,ou=People,dc=example,dc=com
(16)
...
do_syncrep2: rid=001 delta-sync lost sync on
(reqStart=20170106184533.000001Z,cn=log), switching to REFRESH


I will be uploading a tarfile th c contains a test script, ldif files (used by
the test script), and a suggested patch.  We have performed limited testing
which demonstrated desirable behavior.

NOTE: The test script looks for the LDIFs in the DATADIR.  I tested the script
      using the openldap-2.4.44/tests/run script.  

Followup 1

Download message
Date: Mon, 9 Jan 2017 10:58:18 -0500 (EST)
From: Beth Halsema <bhalsema@purdue.edu>
To: openldap-its@openldap.org
Subject: Re: (ITS#8564) ppolicy overlay and  MMR delta-sync lost sync on
 switching to REFRESH
I apologize...I am not sure how I caused this to be reposted.  I apologize
for the duplicate ticket.

Beth

On Mon, 9 Jan 2017, openldap-its@openldap.org wrote:

> Date: Mon, 9 Jan 2017 10:55:37
> To: bhalsema@purdue.edu
> From: openldap-its@openldap.org
> Subject: Re: (ITS#8564) ppolicy overlay and  MMR delta-sync lost sync on
>     switching to REFRESH
> 
> 
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
> 
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#8564.
> 
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
> 
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#8564)
> in the subject will automatically be attached to the issue report.
> 
> 	mailto:openldap-its@openldap.org?subject=(ITS#8564)
> 
> You may follow the progress of this report by loading the following
> URL in a web browser:
>     http://www.OpenLDAP.org/its/index.cgi?findid=8564
> 
> Please remember to retain your issue tracking number (ITS#8564)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
> 
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
> 
> OpenLDAP Software is user supported.
> 	http://www.OpenLDAP.org/support/
> 
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.



Followup 2

Download message
Date: Mon, 09 Jan 2017 08:00:45 -0800
From: Quanah Gibson-Mount <quanah@symas.com>
To: bhalsema@purdue.edu, openldap-its@OpenLDAP.org
Subject: Re: (ITS#8564) ppolicy overlay and MMR delta-sync lost sync on
 switching to REFRESH
--On Monday, January 09, 2017 3:58 PM +0000 bhalsema@purdue.edu wrote:

>
> I apologize...I am not sure how I caused this to be reposted.  I apologize
> for the duplicate ticket.

Thanks Beth, I'll close this one out as a duplicate.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>



Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org