From a030aacc39dac71ba4005e6443b271d671fc72ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
Date: Wed, 3 Jun 2020 11:09:34 +0100
Subject: [PATCH] ITS#7788 Allow pwdFailureTime tracking be disabled in policy

---
 servers/slapd/overlays/ppolicy.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 88039249fe..f3bed2dac5 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -759,8 +759,6 @@ ppolicy_get_default( PassPolicy *pp )
 
 	/* Users can change their own password by default */
 	pp->pwdAllowUserChange = 1;
-	if ( !pp->pwdMaxRecordedFailure )
-		pp->pwdMaxRecordedFailure = PPOLICY_DEFAULT_MAXRECORDED_FAILURE;
 }
 
 
@@ -907,7 +905,7 @@ ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 
 	if ( pp->pwdMaxRecordedFailure < pp->pwdMaxFailure )
 		pp->pwdMaxRecordedFailure = pp->pwdMaxFailure;
-	if ( !pp->pwdMaxRecordedFailure )
+	if ( !pp->pwdMaxRecordedFailure && pp->pwdMinDelay )
 		pp->pwdMaxRecordedFailure = PPOLICY_DEFAULT_MAXRECORDED_FAILURE;
 
 	if ( pp->pwdMinDelay && !pp->pwdMaxDelay ) {
@@ -1349,7 +1347,7 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
 	snprintf( timestamp_usec.bv_val + timestamp_usec.bv_len-1, sizeof(".123456Z"), ".%06dZ", now_usec.tt_usec );
 	timestamp_usec.bv_len += STRLENOF(".123456");
 
-	if ( rs->sr_err == LDAP_INVALID_CREDENTIALS ) {
+	if ( rs->sr_err == LDAP_INVALID_CREDENTIALS && ppb->pp.pwdMaxRecordedFailure ) {
 		int i = 0;
 
 		m = ch_calloc( sizeof(Modifications), 1 );