Hi. The attached patch updates the test slapd config to support OpenLDAP
2.5 in addition to 2.4.

However the test_pamcmds script fails with the new version. The login
with the correct password fails, the issue seems to be (from nslcd.log):

2.4/good:
nslcd: [a88611] <authc="vsefcovic"> DEBUG: got LDAP_CONTROL_PASSWORDPOLICYRESPONSE (No error)
nslcd: [a88611] <authc="vsefcovic"> DEBUG: myldap_search(base="cn=Veronica Sefcovic+uid=vsefcovic,ou=lotsofpeople,dc=test,dc=tld", filter="(objectClass=*)")
nslcd: [a88611] <authc="vsefcovic"> DEBUG: ldap_result(): cn=Veronica Sefcovic+uid=vsefcovic,ou=lotsofpeople,dc=test,dc=tld

2.5/bad:
nslcd: [a88611] <authc="vsefcovic"> DEBUG: got LDAP_CONTROL_PASSWORDPOLICYRESPONSE (Password must be changed)
nslcd: [a88611] <authc="vsefcovic"> DEBUG: myldap_search(base="cn=Veronica Sefcovic+uid=vsefcovic,ou=lotsofpeople,dc=test,dc=tld", filter="(objectClass=*)")
nslcd: [a88611] <authc="vsefcovic"> ldap_result() failed: Insufficient access: Operations are restricted to bind/unbind/abandon/StartTLS/modify password

Still looking into it, not sure why the new ppolicy wants the password
changed after it was just reset earlier.

>From 333260bde9b87cdc5362904f46507ea7ca06bc89 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <r...@nardis.ca>
Date: Fri, 4 Jun 2021 10:36:23 -0700
Subject: [PATCH] Support running tests with OpenLDAP 2.5
- Change database backend to LMDB
- Load external ppolicy schema conditionally
---
tests/config.ldif | 16 ++++++----------
tests/setup_slapd.sh | 4 ++++
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/tests/config.ldif b/tests/config.ldif
index 66ae428..3e1164e 100644
--- a/tests/config.ldif
+++ b/tests/config.ldif
@@ -10,7 +10,7 @@ olcTimeLimit: unlimited
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
-olcModuleLoad: back_bdb
+olcModuleLoad: back_mdb
olcModuleLoad: ppolicy
dn: cn=schema,cn=config
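Review bot: the olcModuleLoad switch from back_bdb to back_mdb in this hunk is unconditional, so a 2.4 test host now needs the back_mdb module installed where it previously needed back_bdb. The commit message says 2.4 remains supported, so it should state that requirement, or the module name should be substituted at setup time the same way the ppolicy include is.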
@@ -22,7 +22,7 @@ include: file:///etc/ldap/schema/cosine.ldif
include: file:///etc/ldap/schema/nis.ldif
include: file:///etc/ldap/schema/inetorgperson.ldif
include: file:///etc/ldap/schema/misc.ldif
-include: file:///etc/ldap/schema/ppolicy.ldif
+#PPOLICY#include: file:///etc/ldap/schema/ppolicy.ldif
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
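Review bot: the #PPOLICY# marker on the ppolicy.ldif include line is not documented anywhere in config.ldif, and it only works because an unsubstituted line starting with # is read as an LDIF comment. A short comment near the include lines saying that tests/setup_slapd.sh strips the marker when the external schema file exists would keep a later edit from removing it as stray text.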
@@ -83,10 +83,10 @@ olcAccess: to *
by * break
olcRootDN: cn=admin,cn=config
-dn: olcDatabase={1}bdb,cn=config
+dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: {1}bdb
+objectClass: olcmdbConfig
+olcDatabase: {1}mdb
olcDbDirectory: @BASEDIR@/ldapdb
olcSuffix: dc=test,dc=tld
olcAccess: to attrs=userPassword
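Review bot: the added objectClass value olcmdbConfig on the renamed database entry is written in lower case, while the line it replaces used the mixed-case olcBdbConfig. Object class names are matched case-insensitively so the entry loads, but olcMdbConfig is the spelling used by the schema and keeps the file consistent.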
@@ -106,13 +106,9 @@ olcAccess: to *
olcRootDN: cn=admin,dc=test,dc=tld
olcRootPW: test
olcDbCheckpoint: 512 30
-olcDbConfig: set_cachesize 0 2097152 0
-olcDbConfig: set_lk_max_objects 1500
-olcDbConfig: set_lk_max_locks 1500
-olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
-dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
+dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
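Review bot: the four removed olcDbConfig lines were BDB tunings and nothing in this hunk replaces them for back-mdb, so the database size is left at the backend default. Consider adding an explicit olcDbMaxSize to the {1}mdb entry so that loading dc=test,dc=tld does not depend on that default, and confirm that the retained olcDbCheckpoint: 512 30 is still wanted with mdb.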
diff --git a/tests/setup_slapd.sh b/tests/setup_slapd.sh
index 8f8874f..2534079 100755
--- a/tests/setup_slapd.sh
+++ b/tests/setup_slapd.sh
@@ -94,6 +94,10 @@ case "$2" in
echo "Loading cn=config..."
tmpldif=`mktemp -t slapadd.XXXXXX`
sed "s|@BASEDIR@|$basedir|g" < "$srcdir/config.ldif" > "$tmpldif"
+ if [ -f /etc/ldap/schema/ppolicy.ldif ]
+ then
+ sed -i "s|#PPOLICY#||g" "$tmpldif"
+ fi
slapadd -v -F "$basedir/slapd.d" -b "cn=config" -l "$tmpldif" || (echo " FAILED"; exit 1)
rm -f "$tmpldif"
echo "Loading dc=test,dc=tld..."
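Review bot: the new test if [ -f /etc/ldap/schema/ppolicy.ldif ] uses the file's presence as a stand-in for the OpenLDAP version and repeats a path that is also hardcoded in config.ldif. A host upgraded to 2.5 can still have the old schema file on disk, in which case the include is re-enabled next to the schema that the 2.5 ppolicy module already provides. Checking the slapd version, or at least keeping the path in one variable used for both the test and the substitution, would be more robust, and the extra sed -i pass could be folded into the existing sed that writes $tmpldif.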
--
2.20.1