[Date Prev][Date Next]
Re: (ITS#3980) ppolicy overlay replication problems
Thanks for the fix Howard,
Unfortunately it only solves three of the four cases in my original
report. Case 4 remains unsolved.
I'm thinking because this is a slightly different case, where
pwdGraceUseTime exists on the replica but not on the master.
The impact of this is that where a user is authenticating against a
replica and locks themselves out due to exhausting grace logins then
even after an administrator resets the password they will still be
unable to bind to the replica.
This was tested against 2.3.7 with ppolicy.c from HEAD
On Sun, 2005-09-04 at 15:25 +0100, Howard Chu wrote:
> Thanks for the report, a fix is now in CVS HEAD, please test.
> email@example.com wrote:
> > Just to add that I've just (remembered and) checked the slurpd
> > file and am indeed seeing the password updates rejected because
> > pwdGraceUseTime does not exist.
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB Limited accepts no liability
in relation to any personal emails, or content of any email which
does not directly relate to our business.