Full_Name: Jonathan Clarke Version: RE24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-ppolicy-20090819.patch Submission from: (NULL) (82.67.204.30)

Hi,

In the password policy overlay, the function ppolicy_bind_response() contains:

Operation op2 = *op; [...] op2.orm_modlist = mod; [...] rc = op2.o_bd->be_modify( &op2, &r2 );

This reuses the original Operation structure (a BIND request) to perform a modification operation. The code changes the value orm_modlist, which is actually in the OpRequest union. This union is thereafter referred to as containing a req_modify_s, not a req_bind_s as before, since this is now a modification operation.

However, other fields from req_modify_s are not updated and are interpreted with values set by the bind operation. In particular orm_no_opattrs is set to != 0 (bv_len of the credentials, actually), which causes modifications done by the overlay not to cause updates to operational attributes (which ultimately means these updates are not replicated if we're on a syncrepl provider, which is how I came across this).

Sorry for the long explanation, which may seem obvious to those familiar with these structures.

The patch above corrects *this* issue. I'm unsure whether orm_increment should also be reset? Probably, I'm guessing.

Regards, Jonathan