https://bugs.openldap.org/show_bug.cgi?id=9293
Issue ID: 9293 Summary: slapo-ppolicy stores pwdGraceUseTime only with seconds Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs@openldap.org Reporter: michael@stroeder.com Target Milestone: ---
If password is expired slapo-ppolicy can return the number of grace logins for changing own password (graceAuthNsRemaining).
slapd derives graceAuthNsRemaining from number of pwdGraceUseTime values. But those timestamps are only stored with a granularity of a second.
Thus multiple grace logins are possible within a second without decremeting graceAuthNsRemaining value.
This is unexpected and also leads to absurd work-arounds when writing automated tests like this:
https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py#L...
Either a real Integer counter should be used or fraction of seconds should be used in pwdGraceUseTime values.
This is a similar problem like pwdFailureTime solved in ITS#7161.
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.0 Keywords| |OL_2_5_REQ
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7161
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.5.1
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.1 |2.5.3 Keywords| |reviewed Assignee|bugs@openldap.org |ondra@mistotebe.net
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Target Milestone|2.5.3 |2.5.2 Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ, reviewed |
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- • a3c49b87 by Ondřej Kuzník at 2021-02-24T17:03:22+00:00 ITS#9293 Store microseconds in pwdGraceUseTime
https://bugs.openldap.org/show_bug.cgi?id=9293
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org