[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3980) ppolicy overlay replication problems

Thanks for the fix Howard,

Unfortunately it only solves three of the four cases in my original
report.  Case 4 remains unsolved.  

I'm thinking because this is a slightly different case, where
pwdGraceUseTime exists on the replica but not on the master.

The impact of this is that where a user is authenticating against a
replica and locks themselves out due to exhausting grace logins then
even after an administrator resets the password they will still be
unable to bind to the replica.

This was tested against 2.3.7 with ppolicy.c from HEAD


On Sun, 2005-09-04 at 15:25 +0100, Howard Chu wrote:
> Thanks for the report, a fix is now in CVS HEAD, please test.
> kevins@bmrb.co.uk wrote:
> > Just to add that I've just (remembered and) checked the slurpd
> rejects
> > file and am indeed seeing the password updates rejected because
> > pwdGraceUseTime does not exist.
> >
> >  
> --
>   -- Howard Chu
>   Chief Architect, Symas Corp.  http://www.symas.com
>   Director, Highland Sun        http://highlandsun.com/hyc
>   OpenLDAP Core Team            http://www.openldap.org/project/


This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.