[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3980) ppolicy overlay replication problems

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3980) ppolicy overlay replication problems
From: hyc@symas.com
Date: Sun, 4 Sep 2005 21:45:04 GMT

Ah right. Thanks for the feedback. Case 4 should now be fixed in HEAD.

Kevin Spicer wrote:
> Thanks for the fix Howard,
>
> Unfortunately it only solves three of the four cases in my original
> report.  Case 4 remains unsolved.  
>
> I'm thinking because this is a slightly different case, where
> pwdGraceUseTime exists on the replica but not on the master.
>
> The impact of this is that where a user is authenticating against a
> replica and locks themselves out due to exhausting grace logins then
> even after an administrator resets the password they will still be
> unable to bind to the replica.
>
> This was tested against 2.3.7 with ppolicy.c from HEAD
>
> Kevin
>
>
>
> On Sun, 2005-09-04 at 15:25 +0100, Howard Chu wrote:
>   
>> Thanks for the report, a fix is now in CVS HEAD, please test.
>>
>> kevins@bmrb.co.uk wrote:
>>     
>>> Just to add that I've just (remembered and) checked the slurpd
>>>       
>> rejects
>>     
>>> file and am indeed seeing the password updates rejected because
>>> pwdGraceUseTime does not exist.
>>>
>>>       
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: (ITS#4003) error when running slapcat
Next by Date: Re: (ITS#3980) ppolicy overlay replication problems
Index(es):
- Chronological
- Thread