upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#9625 - Fix handling when pwdChangedTime is not present

Browse source 
Add a check to see if pwdChangedTime was actually present on the entry. If not, skip the expiry check.

Additionally change the debug log statement to TRACE instead of ANY, as the message is informational.
This commit is contained in:
Quanah Gibson-Mount 2021-08-03 21:45:02 +00:00
parent 8b24104d1a
commit 27a5424371
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
servers/slapd/overlays/ppolicy.c
View file

@ -1809,8 +1809,13 @@ check_expiring_password:
* If the password has expired, and we're in the grace period, then
* we don't need to do this bit. Similarly, if we don't have password
* aging, then there's no need to do this bit either.
*
* If pwdtime is -1 there is no password Change Time attribute on the
* entry so we skip the expiry check.
*
*/
if ((ppb->pp.pwdMaxAge < 1) || (pwExpired) || (ppb->pp.pwdExpireWarning < 1))
if ((ppb->pp.pwdMaxAge < 1) || (pwExpired) || (ppb->pp.pwdExpireWarning < 1) ||
(pwtime == -1))
goto done;
age = (int)(now - pwtime);
@ -1829,7 +1834,7 @@ check_expiring_password:
warn = ppb->pp.pwdMaxAge - age; /* seconds left until expiry */
if (warn < 0) warn = 0; /* something weird here - why is pwExpired not set? */
Debug( LDAP_DEBUG_ANY,
Debug( LDAP_DEBUG_TRACE,
"ppolicy_bind: Setting warning for password expiry for %s = %d seconds\n",
op->o_req_dn.bv_val, warn );
}