** Changed in: openldap (Ubuntu)
Status: New => In Progress
** Changed in: openldap (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1866303
Title:
slapd crash with pwdAccountLockedTime and stacked overlays
Status in openldap package in Ubuntu:
In Progress
Status in openldap package in Debian:
Unknown
Bug description:
Hello,
Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an
issue in the ppolicy overlay that can crash slapd. Please also
consider SRUing the patch after it has had some testing time.
Upstream: https://openldap.org/its/?findid=9171
Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150
The ingredients for the crash are:
1: ppolicy overlay configured with pwdLockout: TRUE
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLockedTime
4. a client binding to the locked-out account and also requesting the ppolicy
control
The buggy code is not as specific as the above steps, so I suspect
there are probably other configurations or steps that can trigger the
same crash.
I will attach my test script and data for reproducing the crash.
Expected output (last lines):
[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd running
Actual output (last lines):
[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd dead
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
