From 24eae911b479e7b323de17494470ee2cd3ed575a Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 18 Mar 2015 20:50:19 +0000
Subject: [PATCH] ITS#8080 nssov: use old pwd if it's given

---
 contrib/slapd-modules/nssov/pam.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 25ed22abdc..45302b55a8 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -808,8 +808,8 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid)
 	if (!BER_BVISEMPTY(&pi.dn))
 		ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
 			&pi.dn);
-	/* supply old pwd only when end-user changing pwd */
-	if (pi.ispwdmgr == 0)
+	/* supply old pwd whenever it's given */
+	if (!BER_BVISEMPTY(&pi.pwd))
 		ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
 			&pi.pwd);
 	if (!BER_BVISEMPTY(&npw))
-- 
GitLab