[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5373) ppolicy issues when deleting the password attribute, even if no password checking is enforced

Full_Name: Guillaume Rousse
Version: 2.3.40
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Here are my ppolicy settings:
password policy
overlay ppolicy
ppolicy_default cn=default,ou=policies,dc=futurs,dc=inria,dc=fr

Here is my default entry:
dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr
cn: default
objectClass: pwdPolicy
objectClass: organizationalRole
pwdAttribute: userPassword
pwdMaxAge: 0
pwdInHistory: 0
pwdCheckQuality: 0

According to documentation, no user password quality checking should take
places, however, trying to delete userPassword attribute for an user triggers at
least a server error with this LDIF fragment:
dn: userdn
changetype: modify
delete: userPassword

ldapmodify: Internal (implementation specific) error (80)
	additional info: Internal Error

Error message in logs: "cannot locate modification supplying new password"

Or worst, a server crash with this one:
dn: userdn
changetype: modify
replace: userPassword

No error message from ldapmodify, and no error message in the logs in this case.