[Date Prev][Date Next]
Re: (ITS#4148) fix for ITS 4134 reintroduces problem fixed in ITS 3980
> Full_Name: Kevin Spicer
> Version: 2.3.11 (+ ppolicy.c rev 1.68)
> OS: Solaris 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (220.127.116.11)
> Slightly misleading subject...
> The fix for ITS 3980 solved the problem of pwdGraceUseTime and
> pwdAccountLockedTime not necessarily existing on a replica, causing the
> replication to fail if these attrs needed deleting on the master.
> The fix for ITS 4134 Deletes pwdFailureTime on the master if it exists. This
> now causes replication to fail if pwdFailureTime does not exist on the replica.
> To reproduce...
> Setup master and slave instances with ppolicy module.
> Create user
> attempt to bind to master as user with incorrect password
> reset users password
> observe that new password isn't replicated entry ends up in reject log with
> ERROR: No such attribute: modify/delete: pwdFailureTime: no such attribute
Are you sure you've put an updated ppolicy module on the slave? The
current ppolicy.c code does explicitly check for this condition.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/