Commit b6ec428a authored by Pierangelo Masarati's avatar Pierangelo Masarati Committed by Quanah Gibson-Mount
Browse files

according to draft-behera, this attribute only affects password modifies by self (ITS#7021)

parent 42314730
......@@ -1788,7 +1788,10 @@ ppolicy_modify( Operation *op, SlapReply *rs )
if (be_isroot( op )) goto do_modify;
if (!pp.pwdAllowUserChange) {
/* NOTE: according to draft-behera-ldap-password-policy
* pwdAllowUserChange == FALSE must only prevent pwd changes
* by the user the pwd belongs to (ITS#7021) */
if (!pp.pwdAllowUserChange && dn_match(&op->o_req_ndn, &op->o_ndn)) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "User alteration of password is not allowed";
pErr = PP_passwordModNotAllowed;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment