Please close this ITS.
Version 2.4.21 works fine.
Thanks, Jarbas
2009/12/3 Jarbas Peixoto Júnior jarbas.junior@gmail.com:
Attached is the configuration file of the OpenLDAP squeeze test server.
I made some changes to the file /etc/ldap/slapd.overlay.conf being included by /etc/ldap/slapd.conf and discovered that the problem is with the overlay rwm, because when I comment that overlay the problem does not appear.
If I keep the following rwm overlay entries, the problem happens again:
moduleload rwm
overlay rwm
Even with the other rwm overlay settings commented out, the problem continues.
Any ideas?
2009/12/2 Howard Chu hyc@symas.com:
jarbas.junior@gmail.com wrote:
Full_Name: Jarbas Peixoto Junior
Version: 2.4.11 / 2.4.17 / 2.4.20
OS: Gnu/Linux Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.152.34.143)
Possible bug in Overlay pPolicy
I have OpenLDAP installed via the Debian Lenny package functioning normally.
Aiming to test the version of Debian Squeeze in the test machine, I installed package slapd (2.4.17-2.1) with the same set of Debian Lenny (2.4.11).
However, when testing the ppolicy overlay, I noticed that an authentication with a wrong password runs through all objects in the LDAP database, causing a "delay" that does not exist in the Lenny version.
Below is some information that may be useful in detecting the problem:
File: slapd.conf
====================
moduleload      ppolicy
overlay ppolicy
ppolicy_default "cn=default,ou=LdapPassword,ou=Politicas,ou=Builtin,dc=previdencia,dc=gov,dc=br"
ppolicy_use_lockout
====================

ldapsearch -LLL -x -H ldap://squeeze -b ou=LdapPassword,ou=Politicas,ou=Builtin,dc=previdencia,dc=gov,dc=br '(cn=default)'
dn: cn=default,ou=LdapPassword,ou=Politicas,ou=Builtin,dc=previdencia,dc=gov,dc=br
objectClass: top
objectClass: device
objectClass: pwdPolicy
pwdAttribute: userPassword
description:: UG9sw610aWNhIGRlIFNlbmhhIERlZmF1bHQgcGFyYSB0b2RvcyB1c3XDoXJpb3M=
pwdAllowUserChange: TRUE
pwdFailureCountInterval: 3600
pwdGraceAuthNLimit: 5
pwdInHistory: 0
pwdLockoutDuration: 60
pwdMaxAge: 7776000
pwdMinAge: 0
pwdMinLength: 6
pwdSafeModify: FALSE
pwdCheckQuality: 1
pwdExpireWarning: 600
cn: default
pwdMustChange: FALSE
pwdMaxFailure: 10
pwdLockout: FALSE

date ; ldapsearch -LLL -x -H ldap://squeeze -b ou=usuarios,dc=previdencia,dc=gov,dc=br -D uid=jarbas.peixoto,ou=pessoas,ou=usuarios,dc=previdencia,dc=gov,dc=br -w wrong-password '(uid=jarbas.peixoto)' cn mail pwdFailureTime pwdAccountLockedTime modifyTimeStamp ; date
Qua Dez  2 16:14:56 AMST 2009
ldap_bind: Invalid credentials (49)
Qua Dez  2 16:15:36 AMST 2009

grep 'access_allowed: search access to' /var/log/debug | wc -l
83714
The question is: why does it access all entries in LDAP?
Don't know. This would have to be the result of a search operation, but there is no search code in ppolicy.c. Since ppolicy cannot be the culprit, we'll need to see the rest of your config to track down the issue.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/