From 20fd4706f54a2817f6dc6b60336c142410140eae Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 4 Jan 2011 15:50:08 +0000
Subject: [PATCH] ITS#6620

---
 CHANGES                          |  1 +
 servers/slapd/overlays/ppolicy.c | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index da1a9b8f7d..e224f5b1a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -49,6 +49,7 @@ OpenLDAP 2.4.24 Engineering
 	Fixed slapo-pcache callback freeing (ITS#6640)
 	Fixed slapo-pcache to ignore undefined attrs (ITS#6600)
 	Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
+	Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620)
 	Fixed slapo-refint when last group member is deleted (ITS#6663)
 	Fixed slapo-refint with subtree rename (ITS#6730)
 	Fixed slapo-sssvlv initialization (ITS#6649)
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 4064d003a2..930b1532ca 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1969,23 +1969,26 @@ do_modify:
 		timestamp.bv_len = sizeof(timebuf);
 		slap_timestamp( &now, &timestamp );
 
-		mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
-		mods->sml_desc = ad_pwdChangedTime;
+		mods = NULL;
 		if (pwmop != LDAP_MOD_DELETE) {
+			mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
 			mods->sml_op = LDAP_MOD_REPLACE;
 			mods->sml_numvals = 1;
 			mods->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
 			ber_dupbv( &mods->sml_values[0], &timestamp );
 			BER_BVZERO( &mods->sml_values[1] );
 			assert( !BER_BVISNULL( &mods->sml_values[0] ) );
-
-		} else {
+		} else if (attr_find(e->e_attrs, ad_pwdChangedTime )) {
+			mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
 			mods->sml_op = LDAP_MOD_DELETE;
 		}
-		mods->sml_flags = SLAP_MOD_INTERNAL;
-		mods->sml_next = NULL;
-		modtail->sml_next = mods;
-		modtail = mods;
+		if (mods) {
+			mods->sml_desc = ad_pwdChangedTime;
+			mods->sml_flags = SLAP_MOD_INTERNAL;
+			mods->sml_next = NULL;
+			modtail->sml_next = mods;
+			modtail = mods;
+		}
 
 		if (attr_find(e->e_attrs, ad_pwdGraceUseTime )) {
 			mods = (Modifications *) ch_calloc( sizeof( Modifications ), 1 );
-- 
GitLab