Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.



h.b.furuseth@usit.uio.no wrote:
> Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak.
>
> Reproducing the bug:
>
>    userPassword can exist without pwdChangedTime if you bypass
>    ppolicy: Use slapadd to add an entry with userPassword, or add
>    it to a subtree with no policy and then configure a policy.
>
>    Then set up ppolicy and use ldapmodify to delete userPassword.
>
In that case the correct fix is to skip the pwdChangedTime attribute 
completely. The ppolicy spec says that entries without pwdChangedTime are not 
subject to password expiration at all.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
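
An offline check for the state discussed in this thread, written as an added example (not part of the original messages or of OpenLDAP's code): it parses an LDIF export and lists entries that hold userPassword but no pwdChangedTime. The function names and the sample LDIF are constructed for illustration.

```python
import base64
import re

# Constructed sample export (not from the thread). pwdChangedTime is an
# operational attribute, so the export has to include those (slapcat does).
SAMPLE_LDIF = """\
# added through ppolicy: both attributes present
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
pwdChangedTime: 20100812101500Z

# loaded with slapadd: password present, no pwdChangedTime
dn: uid=bob,ou=people,dc=example,
 dc=com
uid: bob
USERPASSWORD: {SSHA}constructed

dn: ou=people,dc=example,dc=com
ou: people
"""


def entries(text):
    """Yield (dn, lower-cased attribute types) for each LDIF record."""
    text = re.sub(r"\r?\n ", "", text)            # undo LDIF line folding
    for block in re.split(r"(?:\r?\n){2,}", text):
        dn, attrs = None, set()
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, rest = line.split(":", 1)
            base = name.split(";", 1)[0].lower()  # drop attribute options
            if base != "dn":
                attrs.add(base)
            elif rest.startswith(":"):            # "dn::" is base64-encoded
                dn = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                dn = rest.strip()
        if dn is not None:
            yield dn, attrs


def password_without_changed_time(text):
    """DNs that hold userPassword but have no pwdChangedTime."""
    return [dn for dn, attrs in entries(text)
            if "userpassword" in attrs and "pwdchangedtime" not in attrs]


if __name__ == "__main__":
    for dn in password_without_changed_time(SAMPLE_LDIF):
        print(dn)
```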