openldap crash when checkRDN=1 and username contains too short parts #16
Hello, when checkRDN=1 in ppm.conf and a user, for example with uid = ihsane.el-example, tries to change the password, the slapd daemon crashes (logfile below).

For now, because a lot of usernames in our company contain "-", I have changed checkRDN=1 to checkRDN=0.

```
Jul3 15:21:25 openldap-master1 slapd[27844]: conn=1080 op=1 MOD
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: entry cn=ihsane
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: reading config file
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Opening file
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = minQuality,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced value: 3
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = maxLength,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced value: 0
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = checkRDN,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced value: 1
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param =
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced value: 0
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = useCracklib,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced value: 0
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = cracklibDict,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param =
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param =
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = class-digit,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: Param = class-special,
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm:Accepted replaced
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: 1 point granted for
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: 1 point granted for
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: 1 point granted for
Jul3 15:21:25 openldap-master1 slapd[27844]: ppm: 1 point granted for
Jul3 15:21:25 openldap-master1 slapd-cli[27897]: [INFO] Using
Jul3 15:21:25 openldap-master1 slapd-cli[27902]: [INFO] Halting OpenLDAP...
Jul3 15:21:25 openldap-master1 slapd-cli[27904]: [OK] OpenLDAP stopped
```
Reproduced successfully with ppm_test and latest ppm recompiled from master branch:
ppm.conf:
The bug was not really linked to dashes (-), but to the too-short part of the RDN (< 3 characters), which led to an uncompiled regex.
Fixed in ff79469
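The failure mode diagnosed above, shown as an added C example (it is not ppm's code and not the ff79469 change): each RDN part is matched against the password with POSIX regex, parts shorter than 3 characters are skipped, and a `regex_t` is only executed and freed when `regcomp` actually succeeded. The function name, separator set and maximum part length are assumptions made for this illustration; the 3-character threshold and the sample uid come from the thread.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MIN_PART_LEN 3        /* threshold named in the thread (< 3 characters) */
#define MAX_PART_LEN 128      /* assumed cap for this example */
#define SEPARATORS " ,;._-"   /* assumed set of RDN part separators */

/* Hypothetical helper: returns 1 if the password contains an RDN part of at
 * least MIN_PART_LEN characters (case-insensitive), 0 otherwise. */
int password_contains_rdn_part(const char *rdn_value, const char *password)
{
    const char *p = rdn_value;
    int found = 0;

    while (*p != '\0' && !found) {
        char part[MAX_PART_LEN + 1];
        regex_t re;
        size_t len;

        p += strspn(p, SEPARATORS);       /* skip leading separators */
        len = strcspn(p, SEPARATORS);     /* length of the next part */
        if (len >= MIN_PART_LEN && len <= MAX_PART_LEN) {
            memcpy(part, p, len);
            part[len] = '\0';
            /* Touch re only after a successful regcomp: calling regexec or
             * regfree on a regex_t that was never compiled is undefined
             * behaviour and can take the whole daemon down. */
            if (regcomp(&re, part, REG_ICASE | REG_NOSUB) == 0) {
                if (regexec(&re, password, 0, NULL, 0) == 0)
                    found = 1;
                regfree(&re);
            }
        }
        p += len;                         /* short or failed parts are skipped */
    }
    return found;
}

int main(void)
{
    /* Constructed passwords; the uid is the one quoted in the report. */
    printf("%d\n", password_contains_rdn_part("ihsane.el-example", "Example#2024"));
    printf("%d\n", password_contains_rdn_part("ihsane.el-example", "el-Tr0ub4dor"));
    return 0;
}
```

Because each part is used as a regex pattern, a part containing an unbalanced metacharacter fails to compile and is skipped rather than matched.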
When usernames contain - (dash) and checkRDN is set, ppm crashes and makes OpenLDAP crash.
To be reproduced, debugged and fixed.