#47900 Adding an entry with an invalid password as rootDN is incorrectly rejected
Closed: Fixed None Opened 5 years ago by mreynolds.

root DN, aka "cn=directory manager", should not be restricted by password policy. During ADD operations the root DN is incorrectly restricted by password policy. Updating an existing entry, doing a MOD, works as expected.


83a6ceb..50820f8 master -> master
commit 50820f8
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue Sep 30 10:07:33 2014 -0400

4e34740..ab36560 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit ab36560

8c955b1..99b24d4 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit 99b24d4

0b5f0d6..7b7d092 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 7b7d0929f2129801edb55b8c480f0b8ea8e4a2dc

dd62c75..950390b 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 950390b

The previous patch causes startup issues if a password admin is set...

When we set up backends at server startup we perform add operations; this patch attempts to search backends, while setting up a password policy, before they are actually set up/initialized.

To ssh://git.fedorahosted.org/git/389/ds.git
afc8b06..4711de6 master -> master

commit 4711de6
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Oct 2 10:17:13 2014 -0400

5353f9f..1bf510c 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit 1bf510c

6ca4422..f9eed02 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit f9eed02

154abc9..46051b4 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 46051b42d3917ff0c899b8480b5374429441f89e

950390b..ed6f09b 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit ed6f09b

This commit breaks 1.2.11; pwdpolicy is not in the pblock. Ticket 147 was not backported.

I think ticket

https://fedorahosted.org/389/ticket/458

should also be backported:

We use global_slapdFrontendConfig.pw_policy.pw_admin ldap/servers/slapd/libglobs.c

and this field has been introduced in ticket 458.

Replying to [comment:13 gparente]:

I think ticket

https://fedorahosted.org/389/ticket/458

should also be backported:

We use global_slapdFrontendConfig.pw_policy.pw_admin ldap/servers/slapd/libglobs.c

and this field has been introduced in ticket 458.

Ticket 458 was backported to 1.2.11 seven months ago.

But Ludwig is right, ticket 147 was not backported, this is bad. So the fix for 458 has been broken for a long time. Not sure why this never showed up as a compilation error.

Hi Mark,

you are right. Ticket 458 is already backported adding the fields.

Applying the 147 diffs, I have made these new fields disappear again as before ticket 458.

This is an existing problem on all branches caused by the latest patch. I have a new fix that will be going out for review shortly...

Sorry, the last patch was for the wrong version of 389. Reworking patch...

ed6f09b..8512405 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

commit 8512405
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue Oct 7 14:24:17 2014 -0400

Metadata Update from @gparente:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.33

2 years ago
