396c932 Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions

Authored and Committed by mreynolds 12 years ago
    Bug Description:  DS doesn't return error LDAP_CONSTRAINT_VIOLATION until after the retry limit is exceeded
    
    Fix Description:  DS has essentially locked the account, but we didn't log the error until
                      the next bind.  Added a new config option "passwordLegacyPolicy: on|off"
                      that will trigger the error LDAP_CONSTRAINT_VIOLATION, if "legacy" is off,
                      when the limit is actually reached.  The default is to continue to do
                      things the "old" way, or legacy "on".
    
    https://fedorahosted.org/389/ticket/183
    
    reviewed by: Noriko (Thanks!)
    
        
file modified
+30 -0
file modified
+1 -1
file modified
+23 -15
file modified
+9 -1
file modified
+2 -0
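
The behaviour the commit message describes, as an added model that is not code from this commit or from 389 Directory Server: it shows which bind attempt first receives LDAP_CONSTRAINT_VIOLATION with "passwordLegacyPolicy" on and off. The struct, the function names and the reset of the counter on a successful bind are assumptions made for illustration; the result code values are the standard LDAP ones.

```c
#include <stdio.h>
#include <stdbool.h>

/* Standard LDAP result codes, defined locally so the example is self-contained. */
#define LDAP_SUCCESS               0
#define LDAP_CONSTRAINT_VIOLATION 19
#define LDAP_INVALID_CREDENTIALS  49

/* Hypothetical model of the policy state; not the server's data structures. */
struct lockout_model {
    int  max_failure;    /* passwordMaxFailure */
    bool legacy_policy;  /* passwordLegacyPolicy: on|off */
    int  failures;       /* failed binds counted so far */
};

/* Result code the client sees for one bind attempt. */
int model_bind(struct lockout_model *m, bool password_ok)
{
    /* Limit already reached: the account is locked, even for a correct password. */
    if (m->failures >= m->max_failure)
        return LDAP_CONSTRAINT_VIOLATION;
    if (password_ok) {
        m->failures = 0;  /* assumption: a successful bind clears the counter */
        return LDAP_SUCCESS;
    }
    m->failures++;
    /* Legacy off: report the lockout on the bind that reaches the limit. */
    if (!m->legacy_policy && m->failures >= m->max_failure)
        return LDAP_CONSTRAINT_VIOLATION;
    /* Legacy on: the limit may be reached here, but the client still sees 49. */
    return LDAP_INVALID_CREDENTIALS;
}

/* 1-based index of the first wrong-password bind answered with LDAP_CONSTRAINT_VIOLATION. */
int first_lockout_error(int max_failure, bool legacy_policy)
{
    struct lockout_model m = { max_failure, legacy_policy, 0 };
    for (int attempt = 1; attempt <= max_failure + 2; attempt++)
        if (model_bind(&m, false) == LDAP_CONSTRAINT_VIOLATION)
            return attempt;
    return -1;
}

int main(void)
{
    printf("legacy on : error on bind %d\n", first_lockout_error(3, true));
    printf("legacy off: error on bind %d\n", first_lockout_error(3, false));
    return 0;
}
```

In the legacy case the account is already locked after the last counted failure, so a client or log monitor that keys on LDAP_CONSTRAINT_VIOLATION learns of the lockout one bind late.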