upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 00:59:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

according to draft-behera, this attribute only affects password modifies by self (ITS#7021)

Browse source
This commit is contained in:
Pierangelo Masarati 2011-08-20 18:50:33 -06:00
parent 433812db38
commit bdbdae3e5f
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
servers/slapd/overlays/ppolicy.c
View file

@ -1792,7 +1792,10 @@ ppolicy_modify( Operation *op, SlapReply *rs )
if (be_isroot( op )) goto do_modify;
if (!pp.pwdAllowUserChange) {
/* NOTE: according to draft-behera-ldap-password-policy
* pwdAllowUserChange == FALSE must only prevent pwd changes
* by the user the pwd belongs to (ITS#7021) */
if (!pp.pwdAllowUserChange && dn_match(&op->o_req_ndn, &op->o_ndn)) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "User alteration of password is not allowed";
pErr = PP_passwordModNotAllowed;