Since the database was corrupted (we were getting a Segmentation Fault when
restarting the server) we simply removed the database. I guess if we
recovered the database instead we would have gotten the same results.

Thanks for the quick fix.

Pete

On Fri, Feb 27, 2009 at 10:44 PM, Howard Chu <hyc(a)symas.com> wrote:

> pgiesin(a)gmail.com wrote:
> > Full_Name: Peter Giesin
> > Version: 2.4.13
> > OS: Red Hat 5.2
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (24.187.213.234)
> >
> > Enabled both accesslog and ppolicy overlays (configurations included
> > below). All attempts to bind with an invalid password cause the server
> > to crash and the database to be corrupted. If you disable either of the
> > overlays or just the "logold" setting of the accesslog the behavior is
> > no longer noticed.
>
> Interesting, for me only the first attempt crashed; after restarting the
> same attempt just failed normally. Anyway, thanks for the report, this is
> now fixed in HEAD.
>
> > overlay ppolicy
> > ppolicy_default cn=Standard,ou=Policies,dc=amwater,dc=com
> > ppolicy_use_lockout TRUE
> > ppolicy_hash_cleartext TRUE
> >
> > overlay accesslog
> > logdb cn=log
> > logops all
> > logold (objectclass=*)
> > logpurge 5+00:00 1+00:00
> > logsuccess TRUE
> >
> > dn: cn=Standard,ou=Policies,dc=amwater,dc=com
> > cn: Standard
> > description: Standard password policy.
> > pwdAttribute: 2.5.4.35
> > pwdMinAge: 60
> > # 30 days: 60 sec * 60 min * 24 hr * 30 days
> > pwdMaxAge: 2592000
> > pwdCheckQuality: 1
> > pwdMinLength: 7
> > # Warn three days in advance
> > pwdExpireWarning: 259200
> > pwdGraceAuthNLimit: 3
> > pwdLockout: TRUE
> > pwdLockoutDuration: 1200
> > pwdMaxFailure: 3
> > pwdFailureCountInterval: 1200
> > pwdMustChange: TRUE
> > pwdAllowUserChange: TRUE
> > pwdSafeModify: TRUE
> > objectclass: device
> > objectclass: pwdPolicy
>
> --
>  -- Howard Chu
>  CTO, Symas Corp.
>  http://www.symas.com
>  Director, Highland Sun
>  http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP
>  http://www.openldap.org/project/
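
Added example, not part of the original thread and not OpenLDAP project code: a slapd.conf audit that flags any database section combining `overlay ppolicy` with `overlay accesslog` plus a `logold` filter, the combination the report ties to the crash on 2.4.13. The function names and the sample configuration (including its suffixes) are constructed for illustration; it assumes a slapd.conf-style file in which directives belong to the most recent `database` and `overlay` lines.

```python
# Added example: flag slapd.conf sections that combine the overlays from the report.

# Constructed sample config; suffixes are placeholders, not values from the report.
SAMPLE_CONF = """\
database bdb
suffix "dc=example,dc=com"
overlay ppolicy
ppolicy_use_lockout TRUE
overlay accesslog
logdb cn=log
logops all
logold (objectclass=*)

database bdb
suffix "dc=example,dc=org"
overlay accesslog
logdb cn=log
logold (objectclass=*)
"""

def logical_lines(text):
    """Yield logical lines: skip '#' comments, join indented continuation lines."""
    current = ""
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current:
            current += " " + raw.strip()
            continue
        if current:
            yield current
        current = raw.strip()
    if current:
        yield current

def risky_sections(text):
    """Return the suffix of every section with ppolicy plus accesslog using logold."""
    sections = [{"suffix": "<global>", "overlays": set(), "logold": False}]
    overlay = None  # overlay whose directives are currently being read
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "database":
            sections.append({"suffix": "<no suffix>", "overlays": set(), "logold": False})
            overlay = None
        elif key == "suffix":
            sections[-1]["suffix"] = arg.strip('"')
        elif key == "overlay":
            overlay = arg.lower()
            sections[-1]["overlays"].add(overlay)
        elif key == "logold" and overlay == "accesslog":
            sections[-1]["logold"] = True
    return [s["suffix"] for s in sections
            if {"ppolicy", "accesslog"} <= s["overlays"] and s["logold"]]
```

Calling `risky_sections()` on the text of a real slapd.conf returns the suffixes to review; removing `logold` from a flagged section is the workaround the reporter describes.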