enterprise-support team mailing list archive

[Ryan Tandy <1866303@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Hello,

Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue
in the ppolicy overlay that can crash slapd. Please also consider SRUing
the patch after it has had some testing time.

Upstream: https://openldap.org/its/?findid=9171
Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

The ingredients for the crash are:

1: ppolicy overlay configured with pwdLockout: TRUE
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLockedTime
4. a client binding to the locked-out account and also requesting the ppolicy control

The buggy code is not as specific as the above steps, so I suspect there
are probably other configurations or steps that can trigger the same
crash.

I will attach my test script and data for reproducing the crash.

Expected output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd running

Actual output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd dead

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openldap (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #953150
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

** Also affects: openldap (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1866303

Title:
  slapd crash with pwdAccountLockedTime and stacked overlays

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+subscriptions