Commit ab0f804c authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5146

parent 46a6131d
......@@ -5,6 +5,7 @@ OpenLDAP 2.4.7 Engineering
Fixed slapd sasl-host parsing (ITS#5209)
Fixed slapd filter normalization (ITS#5212)
Fixed slapd multiple sufix checking (ITS#5186)
Fixed slapo-ppolicy single password check on modify (ITS#5146)
Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
Updated contrib addpartial module (ITS#3593)
......
......@@ -1559,8 +1559,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
if ((ml->sml_op == LDAP_MOD_ADD) ||
(ml->sml_op == LDAP_MOD_REPLACE))
{
addmod = ml;
/* FIXME: there's no easy way to ensure
* that add does not cause multiple
* userPassword values; one way (that
......@@ -1572,13 +1570,15 @@ ppolicy_modify( Operation *op, SlapReply *rs )
* Let's check at least that a single value
* is being added
*/
assert( addmod->sml_values != NULL );
assert( !BER_BVISNULL( &addmod->sml_values[ 0 ] ) );
if ( !BER_BVISNULL( &addmod->sml_values[ 1 ] ) ) {
assert( ml->sml_values != NULL );
assert( !BER_BVISNULL( &ml->sml_values[ 0 ] ) );
if ( addmod || !BER_BVISNULL( &ml->sml_values[ 1 ] ) ) {
rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
rs->sr_text = "Password policy only allows one password value";
goto return_results;
}
addmod = ml;
}
} else if ( !is_at_operational( ml->sml_desc->ad_type ) ) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment