[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4096) ppolicy overlay doesn't work when there are subordinate databases

Full_Name: Kevin Spicer
Version: 2.3.11
OS: Solaris 9 / linux gentoo
Submission from: (NULL) (

When slapd is configured with subordinate databases the ppolicy module does not

To reproduce...

Configure slapd with two or more databases glued together as subordinates.

[ In my configuration user accounts are held only in the superior database, and
so the 'overlay ppolicy' directive is applied only to the superior database
definition ] 

Attempting to change a users password [using ldappasswd and binding as the user
themselves] results in the password being updated but no changes by the ppolicy
module (pwdChanged time not updated, pwdHistory not added, pwdReset not removed
etc.)  Also it seems possible to reuse old passwords in this configuration

Also if adding the ppolicy module to both the superior and one or more
subordinate databases the following error is recieved when slapd exits...
*** glibc detected *** double free or corruption (!prev): 0x08220e10 ***

Openldap was configured with
./configure '--prefix=/opt/openldap-2.3.11' '--enable-bdb' '--enable-lbdm'
'--enable-crypt' '--with-threads' '--with-tls' '--without-kerberos'
'--enable-wrappers' '--enable-modules' '--enable-ppolicy=mod'

I've also tested with --enable-ppolicy=yes with the same results

I'll work up a sanitised version of my slapd.conf and post shortly