Re: (ITS#3946) PPolicy Overlay - Problem with password reset

The original code reset the flag when receiving an Unbind request. The
previous patch resets the flag whenever a connection closes. From the
trace you provided, it appears that the connection in question never
actually gets an Unbind request, and never actually closes. I've
committed a new patch to reset the lockout flag whenever a Bind request
is received; this should resolve the issue. Please test rev 1.56.

McKinney, Shawn wrote:
>
> Log trace of failure, step #5 below. You can see how the rootdn binds
> to directory:
>
> *** begin 1st error trace ***
> bdb_bind: dn: cn=Manager,dc=fnfis,dc=com
> conn=1 op=3 BIND dn="cn=Manager,dc=fnfis,dc=com" mech=SIMPLE ssf=0
> send_ldap_result: err=0
> *** end 1st error trace ***
>
> But somehow the userId that has the reset password gets swapped in for
> the operation the rootDn tries to perform:
>
> *** begin 2nd error trace ***
> conn=1 op=4 SRCH base="uid=bubba1,ou=People,dc=fnfis,dc=com" scope=1
> deref=0 filter="(objectClass=fwuserrole)"
> conn=1 op=4 SRCH attr=cn fwTimeout fwuserid fwBeginTime fwEndTime
> fwDayMask fwRoleDn fwbegindate fwenddate
> PPOLICY MODULE: In ppolicy_restrict
> send_ldap_result: err=50 matched="" text="Operations are restricted to
> bind/unbind/abandon/StartTLS/modify password"
> conn=1 op=4 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations
> are restricted to bind/unbind/abandon/StartTLS/modify password
> *** begin 2nd error trace ***
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
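
The three reset points discussed in this message, modelled as an added example (not OpenLDAP's ppolicy code and not part of the original post). It assumes, from the quoted trace, that a user with a reset password bound on conn=1 before the rootdn re-bound on the same connection; the enum names, `replay()` and the event arrays are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model of the per-connection restriction flag; not OpenLDAP source. */
enum reset_point { RESET_ON_UNBIND, RESET_ON_CLOSE, RESET_ON_BIND };
enum ev_type { EV_BIND, EV_SEARCH, EV_UNBIND, EV_CLOSE };
struct event { enum ev_type type; int pwd_reset; /* bound entry must change its password */ };

#define ERR_SUCCESS 0
#define ERR_RESTRICTED 50   /* err=50 in the quoted trace */

/* Replay events on one connection; return the result code of the last search (-1 if none). */
int replay(enum reset_point rp, const struct event *ev, size_t n)
{
    int restricted = 0, last = -1;
    for (size_t i = 0; i < n; i++) {
        switch (ev[i].type) {
        case EV_BIND:
            if (rp == RESET_ON_BIND) restricted = 0;  /* clear stale state first */
            if (ev[i].pwd_reset) restricted = 1;      /* then restrict if this identity requires it */
            break;
        case EV_SEARCH:
            last = restricted ? ERR_RESTRICTED : ERR_SUCCESS;
            break;
        case EV_UNBIND:   /* an Unbind also ends the connection */
            if (rp == RESET_ON_UNBIND || rp == RESET_ON_CLOSE) restricted = 0;
            break;
        case EV_CLOSE:
            if (rp == RESET_ON_CLOSE) restricted = 0;
            break;
        }
    }
    return last;
}

/* Constructed sequences (assumption): one connection reused without Unbind or close. */
const struct event rebind_as_admin[] = { {EV_BIND, 1}, {EV_BIND, 0}, {EV_SEARCH, 0} };
const struct event reset_user_only[] = { {EV_BIND, 1}, {EV_SEARCH, 0} };

int main(void)
{
    const char *name[] = { "unbind", "close", "bind" };
    for (int rp = RESET_ON_UNBIND; rp <= RESET_ON_BIND; rp++)
        printf("reset on %-6s: admin search err=%d, reset-user search err=%d\n", name[rp],
               replay((enum reset_point)rp, rebind_as_admin, 3),
               replay((enum reset_point)rp, reset_user_only, 2));
    return 0;
}
```

In this model only the reset-on-Bind variant lets the re-bound administrator search, while the user whose password was reset stays restricted under all three.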