Hide Forgot
Created attachment 525132 [details] Slapd configuration file for slaptest Description of problem: I think it is a regression, because the test cases works fine on RHEL 6.1. Version-Release number of selected component (if applicable): openldap-servers-2.4.23-19.el6 How reproducible: always Steps to Reproduce: 1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in attachement) 2.slapadd -l data.ldif (data.ldif is in attachement) 3.Test MinAge: - Change the password. echo "dn: uid=ldap1,ou=People,$DN" > mod.ldif echo "changetype: modify" >> mod.ldif echo "replace: userPassword" >> mod.ldif echo "userPassword: 12345678" >> mod.ldif rlRun "ldapmodify -D uid=ldap1,ou=People,$DN -w 123456 -x -f mod.ldif" 0 rm -f mod.ldif - MinAge should apply. echo "dn: uid=ldap1,ou=People,$DN" > mod.ldif echo "changetype: modify" >> mod.ldif echo "replace: userPassword" >> mod.ldif echo "userPassword: 1234567" >> mod.ldif rlRun "ldapmodify -D uid=ldap1,ou=People,$DN -w 12345678 -x -f mod.ldif" 19 rm -f mod.ldif - MinAge should not apply. sleep 6 echo "dn: uid=ldap1,ou=People,$DN" > mod.ldif echo "changetype: modify" >> mod.ldif echo "replace: userPassword" >> mod.ldif echo "userPassword: 1234567" >> mod.ldif rlRun "ldapmodify -D uid=ldap1,ou=People,$DN -w 12345678 -x -f mod.ldif" 0 rm -f mod.ldif 4. Test MaxAge: # Password should be still valid. sleep 6 rlRun "ldapsearch -b $DN -D uid=ldap1,ou=People,$DN -w 1234567 -x" 0 # Password should be expired, but graceLimit allows 1. sleep 6 rlRun "ldapsearch -b $DN -D uid=ldap1,ou=People,$DN -w 1234567 -x" 0 # Password should be expired, but graceLimit allows 2. sleep 6 rlRun "ldapsearch -b $DN -D uid=ldap1,ou=People,$DN -w 1234567 -x" 0 # Password should be expired and gracelimit expired 3. sleep 6 rlRun "ldapsearch -b $DN -D uid=ldap1,ou=People,$DN -w 1234567 -x" 49 Actual results: FAIL in test cases MinAge should apply, MinAge should not apply and Password should be expired, but graceLimit allows 2. Expected results: Failing three test cases works fine (as on RHEL 6.1)
Created attachment 525133 [details] data.ldif
I'm unable to reproduce on openldap-servers-2.4.23-19.el6 (the same version). The configuration is unaltered (except for olcRootPW). I created reproducer.sh to run all the commands. Multiple runs, always the same result: # ./reproduce.sh + DN=dc=my-domain,dc=com + echo == PREP == == PREP == + ldapmodify -D cn=Manager,dc=my-domain,dc=com -w password -x modifying entry "uid=ldap1,ou=People,dc=my-domain,dc=com" + echo 0 0 + sleep 6 + echo '== MIN AGE ==' == MIN AGE == + ldapmodify -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 123456 -x modifying entry "uid=ldap1,ou=People,dc=my-domain,dc=com" + echo 0 0 + ldapmodify -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 12345678 -x modifying entry "uid=ldap1,ou=People,dc=my-domain,dc=com" ldap_modify: Constraint violation (19) additional info: Password is too young to change + echo 19 19 + sleep 6 + ldapmodify -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 12345678 -x modifying entry "uid=ldap1,ou=People,dc=my-domain,dc=com" + echo 0 0 + echo '== MAX AGE ==' == MAX AGE == + sleep 6 + ldapsearch -b dc=my-domain,dc=com -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 1234567 -x + echo 0 0 + sleep 6 + ldapsearch -b dc=my-domain,dc=com -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 1234567 -x + echo 0 0 + sleep 6 + ldapsearch -b dc=my-domain,dc=com -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 1234567 -x + echo 0 0 + sleep 6 + ldapsearch -b dc=my-domain,dc=com -D uid=ldap1,ou=People,dc=my-domain,dc=com -w 1234567 -x ldap_bind: Invalid credentials (49) + echo 49 49 Please, can you recheck?
I recheck this. I am sorry to you, but it isn't problem with openldap. The problem is with beaker, sometimes happened one or two seconds delay between run the commands, then this time addict test fails.