#584 Existence of an entry is not checked when its password is to be deleted
Closed: wontfix None Opened 11 years ago by nhosoi.

Steps:
0. assume there is no entry which dn is uid=tuser1,,ou=People,dc=example,dc=com

  1. delete a password of the non-existing entry

    $ ldapmodify ... << EOF
    dn: uid=tuser1,,ou=People,dc=example,dc=com
    changetype: modify
    delete: userpassword
    (userpassword: tuser1)
    EOF

If the bind user has the privilege to delete the password, the operation crashes the server.


Bug description: When attempting to delete a password from an
entry, a password syntax checking api check_pw_syntax_ext missed
a check if the target entry exists or not. Note: add and replace
checks it and handles the case correctly.

Fix description: In this patch the check is added to the delete
case, as well.

Reviewed by Rich (Thank you!!)

Pushed to master: commit d559d46

Pushed to 389-ds-base-1.3.0: commit 4dcf155

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.0.3

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/584

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Login to comment on this ticket.

Metadata