Commit 7f355b0f authored by Howard Chu's avatar Howard Chu
Browse files

ITS#4692 fix from HEAD

parent b4019329
...@@ -827,26 +827,12 @@ ppolicy_bind_resp( Operation *op, SlapReply *rs ) ...@@ -827,26 +827,12 @@ ppolicy_bind_resp( Operation *op, SlapReply *rs )
* we now check whether the password has expired. * we now check whether the password has expired.
* *
* We can skip this bit if passwords don't age in * We can skip this bit if passwords don't age in
* the policy. * the policy. Also, if there was no pwdChangedTime
* attribute in the entry, the password never expires.
*/ */
if (ppb->pp.pwdMaxAge == 0) goto grace; if (ppb->pp.pwdMaxAge == 0) goto grace;
if (pwtime == (time_t)-1) { if (pwtime != (time_t)-1) {
/*
* Hmm. No password changed time on the
* entry. This is odd - it should have
* been provided when the attribute was added.
*
* However, it's possible that it could be
* missing if the DIT was established via
* an import process.
*/
Debug( LDAP_DEBUG_ANY,
"ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n",
e->e_name.bv_val, 0, 0);
pwExpired = 1;
} else {
/* /*
* Check: was the last change time of * Check: was the last change time of
* the password older than the maximum age * the password older than the maximum age
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment