Since the database was corrupted (we were getting a Segmentation Fault when restarting the server) we simply removed the database. I guess if we recovered the database instead we would have gotten the same results.
Thanks for the quick fix.
Pete
On Fri, Feb 27, 2009 at 10:44 PM, Howard Chu hyc@symas.com wrote:
pgiesin@gmail.com wrote:
Full_Name: Peter Giesin
Version: 2.4.13
OS: Red Hat 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (24.187.213.234)
Enabled both accesslog and ppolicy overlays (configurations included below). All attempts to bind with an invalid password cause the server to crash and the database to be corrupted. If you disable either of the overlays or just the "logold" setting of the accesslog the behavior is no longer noticed.
Interesting, for me only the first attempt crashed; after restarting the same attempt just failed normally. Anyway, thanks for the report, this is now fixed in HEAD.
overlay ppolicy
ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
ppolicy_use_lockout TRUE
ppolicy_hash_cleartext TRUE

overlay accesslog
logdb cn=log
logops all
logold (objectclass=*)
logpurge 5+00:00 1+00:00
logsuccess TRUE

dn: cn=Standard,ou=Policies,dc=amwater,dc=com
cn: Standard
description: Standard password policy.
pwdAttribute: 2.5.4.35
pwdMinAge: 60
# 30 days: 60 sec * 60 min * 24 hr * 30 days
pwdMaxAge: 2592000
pwdCheckQuality: 1
pwdMinLength: 7
# Warn three days in advance
pwdExpireWarning: 259200
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 1200
pwdMaxFailure: 3
pwdFailureCountInterval: 1200
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
objectclass: device
objectclass: pwdPolicy
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
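
Added example, not part of the original thread and not OpenLDAP code: a small Python check that reads slapd.conf text and reports each scope where the combination described in the report (ppolicy and accesslog overlays together, with logold set) is configured. The function names, the "database bdb" lines and the "suffix" lines are assumptions; the sample config is constructed from the directives quoted above.

```python
# Added example (not OpenLDAP code): flag ppolicy + accesslog with "logold".

def logical_lines(text):
    """Yield directives: skip '#' comments, join indented continuation lines."""
    current = None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()
            continue
        if current:
            yield current
        current = raw.strip()
    if current:
        yield current

def risky_scopes(conf_text):
    """Return scopes where both overlays are stacked and accesslog sets logold."""
    scopes = {"global": {"overlays": set(), "logold": False}}
    scope, overlay, count = "global", None, 0
    for line in logical_lines(conf_text):
        words = line.split()
        key, words = words[0].lower(), words[1:]
        if key == "database":  # a new database stanza starts a new scope
            count += 1
            scope, overlay = f"database {count} ({words[0] if words else '?'})", None
            scopes[scope] = {"overlays": set(), "logold": False}
        elif key == "overlay" and words:
            overlay = words[0].lower()
            scopes[scope]["overlays"].add(overlay)
        elif key == "logold" and overlay == "accesslog":
            scopes[scope]["logold"] = True
    return [name for name, s in scopes.items()
            if {"ppolicy", "accesslog"} <= s["overlays"] and s["logold"]]

# Constructed sample: overlay lines from the report; database/suffix lines assumed.
SAMPLE = """\
database bdb
suffix cn=log

database bdb
suffix dc=amwater,dc=com
overlay ppolicy
ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
overlay accesslog
logdb cn=log
logold (objectclass=*)
"""
```

An empty result for a scope corresponds to the workarounds named in the report: either overlay removed, or logold unset.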