[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5373) ppolicy issues when deleting the password attribute, even if no password checking is enforced



This sounds like a duplicate of ITS#5285 to me.  Which will be fixed in 
2.4.8, but is not being fixed in 2.3.

--Quanah

--On February 12, 2008 9:57:46 AM +0000 Guillaume.Rousse@inria.fr wrote:

> Full_Name: Guillaume Rousse
> Version: 2.3.40
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.55.250.67)
>
>
> Here are my ppolicy settings:
> password policy
> overlay ppolicy
> ppolicy_use_lockout
> ppolicy_default cn=default,ou=policies,dc=futurs,dc=inria,dc=fr
>
> Here is my default entry:
> dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr
> cn: default
> objectClass: pwdPolicy
> objectClass: organizationalRole
> pwdAttribute: userPassword
> pwdMaxAge: 0
> pwdInHistory: 0
> pwdCheckQuality: 0
>
> According to documentation, no user password quality checking should take
> places, however, trying to delete userPassword attribute for an user
> triggers at least a server error with this LDIF fragment:
> dn: userdn
> changetype: modify
> delete: userPassword
>
> ldapmodify: Internal (implementation specific) error (80)
> 	additional info: Internal Error
>
> Error message in logs: "cannot locate modification supplying new password"
>
> Or worst, a server crash with this one:
> dn: userdn
> changetype: modify
> replace: userPassword
>
> No error message from ldapmodify, and no error message in the logs in
> this case.
>
>



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration