[Date Prev][Date Next] [Chronological] [Thread] [Top]
Rép. : Re: Problem with overlay ppolicy: server don't check the syntax

To: <kevins@bmrb.co.uk>
Subject: Rép. : Re: Problem with overlay ppolicy: server don't check the syntax
From: "Eudes LEDUCQ" <LEDUCQ@hec.fr>
Date: Fri, 10 Feb 2006 10:06:21 +0100
Cc: <openldap-software@OpenLDAP.org>
Hi,
 
the policy seem to be actived, but the password are not checked  I
joint my log to help you for help my to know why it's not work:
 
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 112 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily
unavailable)
do_modify
ber_scanf fmt ({m) ber:
ber_scanf fmt ({e{m[W]}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
>>> dnPrettyNormal: <uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>
<<< dnPrettyNormal: <uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>,
<uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
==> unique_modify <uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>
bdb_dn2entry("uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr")
bdb_entry_get: rc=0
bdb_dn2entry("cn=default,ou=policies,dc=xxx,dc=fr")
bdb_entry_get: rc=0
bdb_dn2entry("uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr")
bdb_modify_internal: 0x000114fa:
uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr
oc_check_required entry
(uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr), objectClass
"myPerson"
oc_check_allowed type "cn"
oc_check_allowed type "objectClass"
oc_check_allowed type "sn"
oc_check_allowed type "uid"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "userPassword"
oc_check_allowed type "pwdChangedTime"
oc_check_allowed type "pwdHistory"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
=> entry_encode(0x000114fa):
uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr
bdb_modify: updated id=000114fa
dn="uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr"
send_ldap_result: conn=0 op=15 p=3
send_ldap_response: msgid=16 tag=103 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 114 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily
unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>
<<< dnPrettyNormal: <uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>,
<uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
=> bdb_search
bdb_dn2entry("uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr")
=> send_search_entry: conn 0
dn="uid=eleducq,o=service1,o=individus,dc=xxx,dc=fr"
ber_flush: 211 bytes to sd 11
<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=16 p=3
send_ldap_response: msgid=17 tag=101 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 91 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily
unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=policies,dc=xxx,dc=fr>
<<< dnPrettyNormal: <ou=policies,dc=xxx,dc=fr>,
<ou=policies,dc=xxx,dc=fr>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
=> bdb_search
bdb_dn2entry("ou=policies,dc=xxx,dc=fr")
search_candidates: base="ou=policies,dc=xxx,dc=fr" (0x000114fb)
scope=1
=> bdb_dn2idl("ou=policies,dc=xxx,dc=fr")
<= bdb_dn2idl: id=1 first=70909 last=70909
=> bdb_presence_candidates (objectClass)
bdb_search_candidates: id=1 first=70909 last=70909
=> send_search_entry: conn 0 dn="cn=default,ou=policies,dc=xxx,dc=fr"
ber_flush: 280 bytes to sd 11
<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=17 p=3
send_ldap_response: msgid=18 tag=101 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 102 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily
unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <cn=default,ou=policies,dc=xxx,dc=fr>
<<< dnPrettyNormal: <cn=default,ou=policies,dc=xxx,dc=fr>,
<cn=default,ou=policies,dc=xxx,dc=fr>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
=> bdb_search
bdb_dn2entry("cn=default,ou=policies,dc=xxx,dc=fr")
=> send_search_entry: conn 0 dn="cn=default,ou=policies,dc=xxx,dc=fr"
ber_flush: 280 bytes to sd 11
<= send_search_entry: conn 0 exit.
send_ldap_result: conn=0 op=18 p=3
send_ldap_response: msgid=19 tag=101 err=0
ber_flush: 14 bytes to sd 11


thx

>>> Kevin Spicer <kevins@bmrb.co.uk> 02/10 9:21  >>>
On Fri, 2006-02-10 at 08:19 +0100, Eudes LEDUCQ wrote:
> Hi,
> 
> I have a problem, the server don't check the syntax of the password
for
> example when i change it to  a small than 5 caracteres. I don't
> understand why ? 
> and when do you know what i must add to the user entry to have the
> pwdChangedTime attribute ?

Are you sure you have ppolicy running?  If you compiled it as a module
you also need to load the module.  Something like...

modulepath      /usr/local/libexec/openldap
moduleload      ppolicy.la

in slapd.conf.

If its accepting a password shorter than pwdMinLength then probably
either ppolicy isn't being applied or a wrong (none-existant) policy
is
being applied.

Make sure that test022 runs sucessfully when you do make test.

=================================================================

BMRB wins two BMRA awards - http://www.bmrb.co.uk 
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Prev by Date: Problem with transfer data from 2.0.x to 2.2.y
Next by Date: Re: Problem with overlay ppolicy: server don't check the syntax
Index(es):
- Chronological
- Thread