From 6b2a341f34b1ecb8e6def029c0d219e2fbba665c Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Tue, 1 Sep 2015 19:19:57 -0700
Subject: [PATCH] ITS#8234 revert to default policy on failure

---
 servers/slapd/overlays/ppolicy.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 2ba376be22..9870e8f073 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -464,6 +464,18 @@ add_passcontrol( Operation *op, SlapReply *rs, LDAPControl *ctrl )
 	return oldctrls;
 }
 
+static void
+ppolicy_get_default( PassPolicy *pp )
+{
+	memset( pp, 0, sizeof(PassPolicy) );
+
+	pp->ad = slap_schema.si_ad_userPassword;
+
+	/* Users can change their own password by default */
+	pp->pwdAllowUserChange = 1;
+}
+
+
 static void
 ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 {
@@ -477,12 +489,7 @@ ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 	const char *text;
 #endif
 
-	memset( pp, 0, sizeof(PassPolicy) );
-
-	pp->ad = slap_schema.si_ad_userPassword;
-
-	/* Users can change their own password by default */
-    	pp->pwdAllowUserChange = 1;
+	ppolicy_get_default( pp );
 
 	if ((a = attr_find( e->e_attrs, ad_pwdPolicySubentry )) == NULL) {
 		/*
@@ -580,6 +587,9 @@ defaultpol:
 
 	Debug( LDAP_DEBUG_TRACE,
 		"ppolicy_get: using default policy\n", 0, 0, 0 );
+
+	ppolicy_get_default( pp );
+
 	return;
 }
 
-- 
GitLab