https://bugs.openldap.org/show_bug.cgi?id=10379
Issue ID: 10379 Summary: lastbind change prevents ppolicy response from reaching accesslog Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: ondra@mistotebe.net Target Milestone: ---
When "lastbind on" and ppolicy are configured together, the pwdLastSuccess update triggers an accesslog entry (using op->o_time, op->o_tincr), then ppolicy_bind_response issues its own modification and since the time was copied in lastbind, an entry of the same name already exists. This means the ppolicy change is lost (and e.g. won't replicate).
Note that slapo-lastbind (=the contrib overlay) probably has the same impact.
https://bugs.openldap.org/show_bug.cgi?id=10379
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |ondra@mistotebe.net Keywords|needs_review | Target Milestone|--- |2.6.11
https://bugs.openldap.org/show_bug.cgi?id=10379
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- main:
• 50026045 by Ondřej Kuzník at 2025-08-05T15:35:34+00:00 ITS#10379 Use a fresh timestamp for lastbind mod
• 52a8419b by Ondřej Kuzník at 2025-09-02T20:37:51+00:00 ITS#10379 slapo-lastbind: Use a fresh timestamp for lastbind mod
RE26:
• 78c9bdd5 by Ondřej Kuzník at 2025-09-08T23:09:39+00:00 ITS#10379 Use a fresh timestamp for lastbind mod
• 8b8297c3 by Ondřej Kuzník at 2025-09-08T23:13:09+00:00 ITS#10379 slapo-lastbind: Use a fresh timestamp for lastbind mod
https://bugs.openldap.org/show_bug.cgi?id=10379
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED
-
openldap-its@openldap.org