https://bugs.openldap.org/show_bug.cgi?id=9279
--- Comment #15 from Michael Ströder michael@stroeder.com --- (In reply to Quanah Gibson-Mount from comment #14)
(In reply to Michael Ströder from comment #13)
(In reply to Howard Chu from comment #12)
Can you please test with this patch? https://git.openldap.org/hyc/openldap/-/commits/its9279
Can I just back-port this diff to RE24?
https://git.openldap.org/hyc/openldap/-/commit/ dae146b251673d8a668a465e13f9671ae4fffa9a
Yes.
It does not work:
5f232451 conn=1011 op=0 BIND dn="cn=user1,o=öäü,dc=example,dc=org" mech=SIMPLE ssf=0 5f232451 ppolicy_bind: Setting warning for password expiry for cn=user1,o=öäü,dc=example,dc=org = 1 seconds DEBUG:root:<ldap0.ldapobject.LDAPObject object at 0x7f5210212a60> ldap://127.0.0.1:35171 - LDAPObject.result(((1, 1, -1, True, False, False), {})) 5f232451 conn=1011 op=0 RESULT tag=97 err=0 text= DEBUG:root:-> (97, [], 1, [(b'2.16.840.1.113730.3.4.4', 0, b'0')]) DEBUG:root:bind_res = LDAPResult(97, [], 1, [<ldap0.controls.pwdpolicy.PasswordExpiredControl object at 0x7f52101eba30>])
I've checked my test code whether there's a timing problem. But slapo-ppolicy logs "Setting warning for password expiry" and so I assume the test code is correct.