Re: (ITS#6711) Problems with ppolicy_forward_updates and starttls with certificate-based auth
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6711) Problems with ppolicy_forward_updates and starttls with certificate-based auth
- From: subbarao@computer.org
- Date: Thu, 3 Feb 2011 19:19:38 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
I'd like to add one clarification to this message. I named the attached
test script that illustrates the two RESULT messages problem
test099-ppolicy-update, per Howard's previous advice not to duplicate
existing names. But I just realized that this script relies on the same
data files that I previously submitted (slapd-ppolicy.conf,
ppolicy.ldif) so when running this script please ensure that those files
are in place.
Thanks,
-Kartik
On 02/02/2011 11:50 AM, Kartik Subbarao wrote:
> >> Another problem is that bind operations to the consumer server start to
> >> return two result messages -- one with the error code of the chained
> >> operation, and one with the error code of the bind operation.
>
> I'm continuing to see this problem, even after I fix the acl-bind and
> the 'manage' ACL configuration. See the attached for an updated test
> script that illustrates the problem -- I've added a bind with an
> incorrect password which should return 49, but instead is returning 0 to
> the client.
>
> The last line of output from the test script is:
>
> ldap bind operation returned 0, expected 49
>
> For the relevant operation in slapd.2.log, I see the following:
>
> conn=1003 op=0 RESULT tag=103 err=0 text=
> [...]
> conn=1003 op=0 RESULT tag=97 err=49 text=
>
> slapd is returning two RESULT messages for the BIND operation. Error 0
> seems to be from the successful chained modification of the
> pwdFailureTime attribute, and Error 49 seems to be for the incorrect
> password.
>
> -Kartik
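
The duplicate-RESULT pattern quoted from slapd.2.log can be checked for mechanically. The following is an added example, not part of the original message or of the OpenLDAP test suite: it groups RESULT lines by (conn, op) and reports any operation that logged more than one. The sample log lines are constructed, and the `masked_failure` flag assumes the client acts on the first RESULT it receives, which matches the 0-instead-of-49 outcome reported above.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format quoted in the message.
SAMPLE_LOG = """\
conn=1002 op=0 BIND dn="cn=user,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=0 text=
conn=1003 op=0 BIND dn="cn=user,dc=example,dc=com" method=128
conn=1003 op=0 RESULT tag=103 err=0 text=
conn=1003 op=0 RESULT tag=97 err=49 text=
conn=1004 op=1 MOD dn="cn=user,dc=example,dc=com"
conn=1004 op=1 RESULT tag=103 err=0 text=
"""

# search() rather than match() so a syslog prefix before "conn=" is tolerated.
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)")


def find_duplicate_results(log_text):
    """Return one finding per (conn, op) that logged more than one RESULT."""
    results = defaultdict(list)
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            conn, op, tag, err = map(int, m.groups())
            results[(conn, op)].append((tag, err))

    findings = []
    for (conn, op), seen in sorted(results.items()):
        if len(seen) < 2:
            continue
        first_err = seen[0][1]
        findings.append({
            "conn": conn,
            "op": op,
            "results": seen,  # (tag, err) pairs in log order
            # Assumption: the client uses the first RESULT. A leading err=0
            # followed by a non-zero err means a failure was reported as success.
            "masked_failure": first_err == 0 and any(e != 0 for _, e in seen[1:]),
        })
    return findings


if __name__ == "__main__":
    for f in find_duplicate_results(SAMPLE_LOG):
        print("conn=%(conn)d op=%(op)d results=%(results)s "
              "masked_failure=%(masked_failure)s" % f)
```
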