Public bug reported:

Hello,

Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue
in the ppolicy overlay that can crash slapd. Please also consider SRUing
the patch after it has had some testing time.

Upstream: https://openldap.org/its/?findid=9171
Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

The ingredients for the crash are:

1. ppolicy overlay configured with pwdLockout: TRUE
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLockedTime
4. a client binding to the locked-out account and also requesting the ppolicy control

The buggy code is not as specific as the above steps, so I suspect there
are probably other configurations or steps that can trigger the same
crash.

I will attach my test script and data for reproducing the crash.

Expected output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd running

Actual output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd dead

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openldap (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #953150
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

** Also affects: openldap (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1866303

Title:
  slapd crash with pwdAccountLockedTime and stacked overlays

Status in openldap package in Ubuntu:
  New
Status in openldap package in Debian:
  Unknown
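
An added example, not part of the bug report and not the reporter's test script: a check for ingredient 2 of the report (smbk5pwd stacked after ppolicy) over a `slapcat -n0`-style export of cn=config. It assumes "stacked after" corresponds to a higher `{N}` index among the `olcOverlay` entries of the same database; the sample LDIF and the function names are constructed for illustration.

```python
import re

# Constructed sample: trimmed `slapcat -n0`-style export of cn=config (not from the bug report).
SAMPLE_CONFIG_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy

dn: olcOverlay={1}smbk5pwd,olcDatabase={1}mdb,cn=config
objectClass: olcSmbK5PwdConfig
olcOverlay: {1}smbk5pwd

dn: olcDatabase={2}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=org

dn: olcOverlay={0}smbk5pwd,olcDatabase={2}mdb,cn=config
objectClass: olcSmbK5PwdConfig
olcOverlay: {0}smbk5pwd
"""

OVERLAY_DN = re.compile(r"^dn:\s*olcOverlay=\{(\d+)\}([^,]+),(olcDatabase=[^,]+),cn=config\s*$", re.I)

def overlays_by_database(ldif):
    """Map each database RDN to its overlay names, ordered by {N} index."""
    found = {}
    unfolded = re.sub(r"\n ", "", ldif)  # undo LDIF line folding
    for line in unfolded.splitlines():
        m = OVERLAY_DN.match(line)
        if m:
            found.setdefault(m.group(3), []).append((int(m.group(1)), m.group(2).lower()))
    return {db: [name for _, name in sorted(items)] for db, items in found.items()}

def databases_matching_report(ldif):
    """Databases where smbk5pwd is configured after ppolicy (ingredient 2 only)."""
    hits = []
    for db, names in overlays_by_database(ldif).items():
        if "ppolicy" in names and "smbk5pwd" in names[names.index("ppolicy") + 1:]:
            hits.append(db)
    return sorted(hits)

if __name__ == "__main__":
    for db in databases_matching_report(SAMPLE_CONFIG_LDIF):
        print(f"{db}: smbk5pwd stacked after ppolicy; check pwdLockout and package version")
```

A database flagged here still needs ingredient 1 (pwdLockout: TRUE in the policy entry) checked separately, and a database not flagged is not proven safe, since the report notes other configurations may trigger the same crash.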
