[EMAIL PROTECTED] wrote:
> A basic back-ldap configuration with the password policy overlay stacked on
> top results in an assertfail for the second bind. e.g. given a working
> (possibly empty db) on ldap://localhost:1389/...
>
> include ...../core.schema
> include ...../ppolicy.schema
>
> modulepath .....
> moduleload back_ldap.la
> moduleload ppolicy.la
>
> database ldap
> suffix ""
> uri ldap://localhost:1389/
>
> After performing a successful remote bind, the next bind attempt halts the
> back-ldap directory with:
>
> slapd: bind.c:905: ldap_back_getconn: Assertion `( li->li_idassert.si_flags & (0x02U) )' failed.
>
> where 0x02U here is LDAP_BACK_AUTH_OVERRIDE.
>
> This happens under both OpenLDAP 2.3 and 2.4.

I've been able to reproduce the issue, and I think it's solved (back-ldap/search.c 1.235 -> 1.236); however I'm afraid I didn't understand all the details of your configuration, so I might have tested something different.

The bug was in ldap_back_entry_get() setting up a connection based on the o_tag field, which is that of the current operation (a bind, in your case). I fixed it by always re-setting the tag to LDAP_REQ_SEARCH, under the assumption that ldap_back_entry_get() doesn't need to know what operation required the entry to be looked up.

Please test and report; in case of further issues, I might need the full slapd.conf of the proxy (unless the above is all, of course...)

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
