[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3980) ppolicy overlay replication problems

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3980) ppolicy overlay replication problems
From: kevins@bmrb.co.uk
Date: Sun, 4 Sep 2005 22:45:31 GMT

All four cases now pass my tests.

Thanks again for your help.

On Sun, 2005-09-04 at 22:44 +0100, Howard Chu wrote:
> Ah right. Thanks for the feedback. Case 4 should now be fixed in HEAD.
> 
> Kevin Spicer wrote:
> > Thanks for the fix Howard,
> >
> > Unfortunately it only solves three of the four cases in my original
> > report.  Case 4 remains unsolved. 
> >
> > I'm thinking because this is a slightly different case, where
> > pwdGraceUseTime exists on the replica but not on the master.
> >
> > The impact of this is that where a user is authenticating against a
> > replica and locks themselves out due to exhausting grace logins then
> > even after an administrator resets the password they will still be
> > unable to bind to the replica.
> >
> > This was tested against 2.3.7 with ppolicy.c from HEAD
> >
> > Kevin
> >
> >
> >
> > On Sun, 2005-09-04 at 15:25 +0100, Howard Chu wrote:
> >  
> >> Thanks for the report, a fix is now in CVS HEAD, please test.
> >>
> >> kevins@bmrb.co.uk wrote:
> >>    
> >>> Just to add that I've just (remembered and) checked the slurpd
> >>>      
> >> rejects
> >>    
> >>> file and am indeed seeing the password updates rejected because
> >>> pwdGraceUseTime does not exist.
> >>>
> >>>      
> >
> >  
> 
> 
> --
>   -- Howard Chu
>   Chief Architect, Symas Corp.  http://www.symas.com
>   Director, Highland Sun        http://highlandsun.com/hyc
>   OpenLDAP Core Team            http://www.openldap.org/project/
> 
> 
> 

=================================================================

BMRB 
http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Prev by Date: Re: (ITS#3980) ppolicy overlay replication problems
Next by Date: Re: (ITS#3980) ppolicy overlay replication problems
Index(es):
- Chronological
- Thread