Commit 27a54243 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#9625 - Fix handling when pwdChangedTime is not present

Add a check to see if pwdChangedTime was actually present on the entry. If not, skip the expiry check.

Additionally change the debug log statement to TRACE instead of ANY, as the message is informational.
parent 8b24104d
......@@ -1809,8 +1809,13 @@ check_expiring_password:
* If the password has expired, and we're in the grace period, then
* we don't need to do this bit. Similarly, if we don't have password
* aging, then there's no need to do this bit either.
*
* If pwdtime is -1 there is no password Change Time attribute on the
* entry so we skip the expiry check.
*
*/
if ((ppb->pp.pwdMaxAge < 1) || (pwExpired) || (ppb->pp.pwdExpireWarning < 1))
if ((ppb->pp.pwdMaxAge < 1) || (pwExpired) || (ppb->pp.pwdExpireWarning < 1) ||
(pwtime == -1))
goto done;
age = (int)(now - pwtime);
......@@ -1829,7 +1834,7 @@ check_expiring_password:
warn = ppb->pp.pwdMaxAge - age; /* seconds left until expiry */
if (warn < 0) warn = 0; /* something weird here - why is pwExpired not set? */
Debug( LDAP_DEBUG_ANY,
Debug( LDAP_DEBUG_TRACE,
"ppolicy_bind: Setting warning for password expiry for %s = %d seconds\n",
op->o_req_dn.bv_val, warn );
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment