
Re: (ITS#6867) Password replication does not work properly in LDAP using openldap 2.4.23



djadeja@avaya.com wrote:
> Full_Name: Divyaraj Jadeja
> Version: 2.4.23
> OS: RHEL 5.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (198.152.14.67)
>
>
> Issue : Password replication does not work properly in LDAP using openLDAP
> 2.4.23.

Bug reports in 2.4.23 are no longer being investigated. 2.4.24 is the current 
release.

This report is lacking critical details, particularly the actual 
configurations used on each server, including ACLs, relevant password 
policies, exact LDAP commands issued in each step, etc.
>
> Scenario1a:
> Steps to Reproduce:
> 1. Installed my custom software on 2 machines with HA LDAP configured.
> 2. Verify that the connectivity between both the machines is working fine.
> 3. Stopped slapd on Machine2.
> 4. Created a new user test1 of a particular group on the Machine1.
> 5. Started slapd on Machine2.
> 6. Verified that test1 user created in step 4 is present in the LDAP DB on
> Machine2.
> 7. Login user test1 on the Machine2. The password of user test1 expires, login
> of the user is successful after changing the password.
> 8. Login the same user test1 on Machine1.
>
> Actual Result :
> The changed password is not accepted on Machine1.
> If the original password of user test1 is entered then the password is accepted
> and the password expires again.
>
> Scenario 1b (minor modification in steps):
> Created a new user. Ensure slapd on both Machine1 & Machine2 is up & running.
> Login this user on Machine2, password of this user expires, change the password.
> Run ldapsearch command on both the machines. Password is changed on the
> secondary dialer but the same is not replicated on the primary dialer.
>
> Expected Result : User's password must get replicated across all the Machines.
>
> Scenario 2 in which LDAP replication does not work.
>
> Steps to Reproduce:
> 1. Set up 2 machines with HA-LDAP configured.
> 2. Ensure that there is proper connectivity between both the machines.
> 3. Stop slapd on machine1.
> 4. Create a new user test2.
> 5. Start slapd on machine1.
> 6. Verify that the user is replicated on machine1.
> 7. Change the password, group & description and save.
>
> Actual Result : Changes are present on Machine1 but do not get replicated to
> Machine2 even though slapd is up on both the machines.
>
> Additional Observations:
> 1. This was observed intermittently. The default log is not leading anywhere,
> will try setting advanced log & then replicating the issue.
> 2. The pwd not replicating replicates after some time around 10 mins approx, will
> find the time again.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/