
Re: (ITS#5979) ppolicy & access log crashes server




Since the database was corrupted (we were getting a Segmentation Fault when
restarting the server) we simply removed the database. I guess if we
recovered the database instead we would have gotten the same results.

Thanks for the quick fix.

Pete

On Fri, Feb 27, 2009 at 10:44 PM, Howard Chu <hyc@symas.com> wrote:

> pgiesin@gmail.com wrote:
>
>> Full_Name: Peter Giesin
>> Version: 2.4.13
>> OS: Red Hat 5.2
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (24.187.213.234)
>>
>>
>> Enabled both accesslog and ppolicy overlays (configurations included
>> below). All attempts to bind with an invalid password cause the server
>> to crash and database to be corrupted. If you disable either of the
>> overlays or just the "logold" setting of the accesslog the behavior is
>> no longer noticed.
>>
>
> Interesting, for me only the first attempt crashed; after restarting the
> same attempt just failed normally. Anyway, thanks for the report, this is
> now fixed in HEAD.
>
>> overlay ppolicy
>> ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
>> ppolicy_use_lockout TRUE
>> ppolicy_hash_cleartext TRUE
>>
>> overlay accesslog
>> logdb cn=log
>> logops all
>> logold (objectclass=*)
>> logpurge 5+00:00 1+00:00
>> logsuccess TRUE
>>
>> dn: cn=Standard,ou=Policies,dc=amwater,dc=com
>> cn: Standard
>> description: Standard password policy.
>> pwdAttribute: 2.5.4.35
>> pwdMinAge: 60
>> # 30 days: 60 sec * 60 min * 24 hr * 30 days
>> pwdMaxAge: 2592000
>> pwdCheckQuality: 1
>> pwdMinLength: 7
>> # Warn three days in advance
>> pwdExpireWarning: 259200
>> pwdGraceAuthNLimit: 3
>> pwdLockout: TRUE
>> pwdLockoutDuration: 1200
>> pwdMaxFailure: 3
>> pwdFailureCountInterval: 1200
>> pwdMustChange: TRUE
>> pwdAllowUserChange: TRUE
>> pwdSafeModify: TRUE
>> objectclass: device
>> objectclass: pwdPolicy
>>
>>
>>
>
> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
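
An added example, not part of the original thread or of OpenLDAP: a configuration check that flags any database section in a slapd.conf-style file combining the ppolicy overlay with an accesslog overlay that sets logold, the combination the report ties to the crash. The function names and the "database bdb" lines in the sample are assumptions; cn=config (slapd.d) layouts are not handled.

```python
# Constructed sample: overlay stanzas from the report, placed under an
# assumed "database bdb" section (the report does not show its database lines).
SAMPLE_CONF = """\
database bdb
suffix "dc=amwater,dc=com"
overlay ppolicy
ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
overlay accesslog
logdb cn=log
logops all
logold (objectclass=*)
database bdb
suffix cn=log
"""

def logical_lines(text):
    """Yield logical lines: comments dropped, indented continuations joined."""
    current = None
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and raw.strip() and current is not None:
            current += " " + raw.strip()
            continue
        if current:
            yield current
        current = raw.strip() or None
    if current:
        yield current

def find_risky_databases(text):
    """Return (suffix, logold filter) per database with ppolicy + logold."""
    section = {"name": "(global)", "overlays": {}}
    sections, overlay = [section], None
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "database":          # a new database ends the overlay scope
            section, overlay = {"name": arg, "overlays": {}}, None
            sections.append(section)
        elif key == "overlay":         # later directives belong to this overlay
            overlay = section["overlays"].setdefault(arg.lower(), {})
        elif overlay is not None:
            overlay[key] = arg
        elif key == "suffix":
            section["name"] = arg.strip('"')
    return [(s["name"], s["overlays"]["accesslog"]["logold"]) for s in sections
            if "ppolicy" in s["overlays"]
            and "logold" in s["overlays"].get("accesslog", {})]
```

Pass the contents of slapd.conf to `find_risky_databases`; an empty list means no database section stacks the two overlays with logold set.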
