[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3980) ppolicy overlay replication problems
Kevin Spicer wrote:
> All four cases now pass my tests.
>
> Thanks again for your help.
>
You're welcome. I note that this whole area is an ugly mess.
Since you're using slurpd, a more direct solution would have been simply
to bind to the replica using the updatedn and reset the offending
attributes there.
> On Sun, 2005-09-04 at 22:44 +0100, Howard Chu wrote:
>
>> Ah right. Thanks for the feedback. Case 4 should now be fixed in HEAD.
>>
>> Kevin Spicer wrote:
>>
>>> Thanks for the fix Howard,
>>>
>>> Unfortunately it only solves three of the four cases in my original
>>> report. Case 4 remains unsolved.
>>>
>>> I'm thinking because this is a slightly different case, where
>>> pwdGraceUseTime exists on the replica but not on the master.
>>>
>>> The impact of this is that where a user is authenticating against a
>>> replica and locks themselves out due to exhausting grace logins then
>>> even after an administrator resets the password they will still be
>>> unable to bind to the replica.
>>>
>>> This was tested against 2.3.7 with ppolicy.c from HEAD
>>>
>>> Kevin
>>>
>>>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/