[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4096) ppolicy overlay doesn't work when there are subordinate databases

To: openldap-its@OpenLDAP.org
Subject: (ITS#4096) ppolicy overlay doesn't work when there are subordinate databases
From: kevins@bmrb.co.uk
Date: Mon, 17 Oct 2005 00:09:49 GMT

Full_Name: Kevin Spicer
Version: 2.3.11
OS: Solaris 9 / linux gentoo
URL: 
Submission from: (NULL) (198.178.236.10)


When slapd is configured with subordinate databases the ppolicy module does not
work.

To reproduce...

Configure slapd with two or more databases glued together as subordinates.

[ In my configuration user accounts are held only in the superior database, and
so the 'overlay ppolicy' directive is applied only to the superior database
definition ] 

Attempting to change a users password [using ldappasswd and binding as the user
themselves] results in the password being updated but no changes by the ppolicy
module (pwdChanged time not updated, pwdHistory not added, pwdReset not removed
etc.)  Also it seems possible to reuse old passwords in this configuration

Also if adding the ppolicy module to both the superior and one or more
subordinate databases the following error is recieved when slapd exits...
*** glibc detected *** double free or corruption (!prev): 0x08220e10 ***

Openldap was configured with
./configure '--prefix=/opt/openldap-2.3.11' '--enable-bdb' '--enable-lbdm'
'--enable-crypt' '--with-threads' '--with-tls' '--without-kerberos'
'--enable-wrappers' '--enable-modules' '--enable-ppolicy=mod'

I've also tested with --enable-ppolicy=yes with the same results

I'll work up a sanitised version of my slapd.conf and post shortly

Prev by Date: Samba segfault caused by OpenLDAP ?
Next by Date: Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?
Index(es):
- Chronological
- Thread