upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-10 08:53:27 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#4692 entries without pwdChangedTime attribute have non-expiring pw

Browse source
This commit is contained in:
Howard Chu 2006-10-03 09:25:54 +00:00
parent 97d6565d52
commit e9ecaa5d81
1 changed files with 3 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
servers/slapd/overlays/ppolicy.c
View file

@ -1014,26 +1014,12 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
* we now check whether the password has expired.
*
* We can skip this bit if passwords don't age in
* the policy.
* the policy. Also, if there was no pwdChangedTime
* attribute in the entry, the password never expires.
*/
if (ppb->pp.pwdMaxAge == 0) goto grace;
if (pwtime == (time_t)-1) {
/*
* Hmm. No password changed time on the
* entry. This is odd - it should have
* been provided when the attribute was added.
*
* However, it's possible that it could be
* missing if the DIT was established via
* an import process.
*/
Debug( LDAP_DEBUG_ANY,
"ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n",
e->e_name.bv_val, 0, 0);
pwExpired = 1;
} else {
if (pwtime != (time_t)-1) {
/*
* Check: was the last change time of
* the password older than the maximum age