Same settings, same problem. I got the following error:
--------------------
Apr 05 17:26:09 ldap-pp01 slapd[1773]: conn=1000 op=1 BIND dn="cn=karl klammer,ou=users,dc=example,dc=net" method=128
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slap_get_csn: conn=1000 op=1 generated new csn=20230405152609.438542Z#000000#000#000000 manage=1
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slap_queue_csn: queueing 0x7fb95c019210 20230405152609.438542Z#000000#000#000000
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slapd: schema_check.c:89: entry_schema_check: Assertion `a->a_vals[0].bv_val != NULL' failed.
Apr 05 17:26:09 ldap-pp01 systemd[1]: symas-openldap-server.service: Main process exited, code=killed, status=6/ABRT
Apr 05 17:26:09 ldap-pp01 systemd[1]: symas-openldap-server.service: Failed with result 'signal'.

--------------------
As soon as I remove pwdMaxDelay and pwdMinDelay, slapd will not crash when a user tries the wrong password.

The problem seems to be pwdMaxDelay; when setting pwdMinDelay alone, everything is ok.



On 04.04.23 at 19:49, Paulo Ricardo Bruck wrote:
Hi All

Using :
Ubuntu 22.04
slapd 2.5.14+dfsg-0ubuntu0.22.04.1 amd64

policy:
# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof
olcModuleLoad: {2}refint
olcModuleLoad: {3}ppolicy

# {2}ppolicy, {1}mdb, config
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=default_policies,ou=policies,dc=contatogs,dc=com,dc=br
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

# contatogs-ppolicy, Policies, contatogs.com.br
dn: cn=contatogs-ppolicy,ou=Policies,dc=contatogs,dc=com,dc=br
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: contatogs-ppolicy
sn: policies
pwdAttribute: userPassword
pwdMinAge: 0
pwdInHistory: 6
pwdCheckQuality: 2
pwdMinLength: 8
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 1800
pwdAllowUserChange: TRUE
pwdMaxRecordedFailure: 3

Using a simple ldapsearch with correct user and password works fine.
xxx is the correct password
root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w xxx |wc -l
10725

Using wrong password : (yyy)
root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l
ldap_bind: Invalid credentials (49)
0

So far so good but if I insert :
pwdMaxDelay: 40
pwdMinDelay: 4

test with correct password is ok ( xxx)
root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w xxx |wc -l
10725

But if I test with a wrong password ( yyy) I got:
root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l
ldap_result: Can't contact LDAP server (-1)
0

My OpenLDAP stops working ... Active: inactive (dead)

root@zeus:/usr/lib/python3/dist-packages# systemctl status -l slapd
○ slapd.service - LSB: OpenLDAP standalone server (Lightweight Director>
      Loaded: loaded (/etc/init.d/slapd; generated)
     Drop-In: /usr/lib/systemd/system/slapd.service.d
              └─slapd-remain-after-exit.conf
      Active: inactive (dead) since Tue 2023-04-04 14:44:49 -03; 20s ago
        Docs: man:systemd-sysv-generator(8)
     Process: 986673 ExecStart=/etc/init.d/slapd start (code=exited, sta>
     Process: 986688 ExecStop=/etc/init.d/slapd stop (code=exited, statu>
         CPU: 47ms

Apr 04 14:44:46 zeus slapd[986679]: auxpropfunc error invalid parameter>
Apr 04 14:44:46 zeus slapd[986679]: _sasl_plugin_load failed on sasl_au>
Apr 04 14:44:46 zeus slapd[986679]: ldapdb_canonuser_plug_init() failed>
Apr 04 14:44:46 zeus slapd[986679]: _sasl_plugin_load failed on sasl_ca>
Apr 04 14:44:46 zeus slapd[986680]: slapd starting
Apr 04 14:44:46 zeus slapd[986673]:    ...done.
Apr 04 14:44:46 zeus systemd[1]: Started LSB: OpenLDAP standalone serve>
Apr 04 14:44:49 zeus slapd[986688]:  * Stopping OpenLDAP slapd
Apr 04 14:44:49 zeus slapd[986688]:    ...done.
Apr 04 14:44:49 zeus systemd[1]: slapd.service: Deactivated successfull

What am I doing wrong????

Cheers
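
An added example, not part of either message and not OpenLDAP project code: a log check that ties a slapd assertion abort back to the BIND that preceded it, so an operator can see that a bind attempt is taking the directory down. The function name `find_bind_crashes` is an assumption of this example, and attributing the crash to the last BIND logged by the same process is a heuristic.

```python
import re

# Sample input: the journal lines quoted in the reply above, plus one
# constructed earlier bind (conn=999) that must not be blamed for the crash.
SAMPLE = """\
Apr 05 17:25:58 ldap-pp01 slapd[1773]: conn=999 op=1 BIND dn="cn=constructed user,ou=users,dc=example,dc=net" method=128
Apr 05 17:26:09 ldap-pp01 slapd[1773]: conn=1000 op=1 BIND dn="cn=karl klammer,ou=users,dc=example,dc=net" method=128
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slap_queue_csn: queueing 0x7fb95c019210 20230405152609.438542Z#000000#000#000000
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slapd: schema_check.c:89: entry_schema_check: Assertion `a->a_vals[0].bv_val != NULL' failed.
Apr 05 17:26:09 ldap-pp01 systemd[1]: symas-openldap-server.service: Main process exited, code=killed, status=6/ABRT
"""

LINE = re.compile(r"^(\w{3} \d{2} [\d:]{8}) (\S+) (\w[\w.-]*)\[(\d+)\]: (.*)$")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
ASSERT = re.compile(r"slapd: (\S+?:\d+): (\w+): Assertion `(.*)' failed\.")
ABRT = re.compile(r"(\S+\.service): Main process exited, code=killed, status=6/ABRT")

def find_bind_crashes(text):
    """Return one record per slapd assertion, tied to the last BIND of that process."""
    last_bind = {}   # (host, pid) -> (conn, dn) of the most recent BIND
    pending = {}     # host -> crash record waiting for systemd's ABRT line
    crashes = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, host, prog, pid, msg = m.groups()
        if prog == "slapd":
            if (b := BIND.search(msg)):
                last_bind[(host, pid)] = (int(b.group(1)), b.group(2))
            elif (a := ASSERT.search(msg)):
                # Heuristic: slapd is multi-threaded, so this is the likely trigger only.
                conn, dn = last_bind.get((host, pid), (None, None))
                rec = {"time": ts, "host": host, "pid": int(pid), "conn": conn,
                       "bind_dn": dn, "where": a.group(1), "function": a.group(2),
                       "aborted": False}
                crashes.append(rec)
                pending[host] = rec
        elif prog == "systemd" and ABRT.search(msg) and host in pending:
            pending.pop(host)["aborted"] = True   # systemd confirmed SIGABRT
    return crashes

if __name__ == "__main__":
    for crash in find_bind_crashes(SAMPLE):
        print(crash)
```
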

