Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue in the ppolicy overlay that can crash slapd. Please also consider SRUing the patch after it has had some testing time.
1: ppolicy overlay configured with pwdLockout: TRUE
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLockedTime
4. a client binding to the locked-out account and also requesting the ppolicy control
The buggy code is not as specific as the above steps, so I suspect there are probably other configurations or steps that can trigger the same crash.
I will attach my test script and data for reproducing the crash.
Hello,
Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue in the ppolicy overlay that can crash slapd. Please also consider SRUing the patch after it has had some testing time.
Upstream: https:/ /openldap. org/its/ ?findid= 9171 /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 953150
Debian: https:/
The ingredients for the crash are:
1: ppolicy overlay configured with pwdLockout: TRUE dTime
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLocke
4. a client binding to the locked-out account and also requesting the ppolicy control
The buggy code is not as specific as the above steps, so I suspect there are probably other configurations or steps that can trigger the same crash.
I will attach my test script and data for reproducing the crash.
Expected output (last lines):
[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd running
Actual output (last lines):
[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd dead