[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4148) fix for ITS 4134 reintroduces problem fixed in ITS 3980

kevins@bmrb.co.uk wrote:
> Full_Name: Kevin Spicer
> Version: 2.3.11 (+ ppolicy.c rev 1.68)
> OS: Solaris 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Slightly misleading subject...
> The fix for ITS 3980 solved the problem of pwdGraceUseTime and
> pwdAccountLockedTime not necessarily existing on a replica, causing the
> replication to fail if these attrs needed deleting on the master.
> The fix for ITS 4134 Deletes pwdFailureTime on the master if it exists.  This
> now causes replication to fail if pwdFailureTime does not exist on the replica.
> To reproduce...
> Setup master and slave instances with ppolicy module.
> Create user
> attempt to bind to master as user with incorrect password
> reset users password
> observe that new password isn't replicated entry ends up in reject log with
> error...
> ERROR: No such attribute: modify/delete: pwdFailureTime: no such attribute
Are you sure you've put an updated ppolicy module on the slave? The 
current ppolicy.c code does explicitly check for this condition.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/