From 4a01095505a7e8cdee632b20dbc1b9e39780cc45 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Apr 15 2019 15:23:46 +0000 Subject: Ticket 50053 - Subtree password policy overrides a user-defined password policy Bug Description: When an entry contains an attribute that is also defined by a cos definition a specifier defines which values win: the real values that are in the entry or the virtual values that are cos defined. The specifier 'default' means that the real values are the winners (returned). 'operational-default' has the same behavior but just specify that the attribute is operational. The bug is that when real values exists, the 'operational-default' specifier drops the real values in favor of the virtual ones. Fix Description: Change the test, so that real values are not kept for 'operation-default' Note: the full routine cos_cache_query_attr looks quite messy and error prone It would be nice to rewrite it when we have time https://pagure.io/389-ds-base/issue/50053 --- diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c index 5e0cf17..64c0441 100644 --- a/ldap/servers/plugins/cos/cos_cache.c +++ b/ldap/servers/plugins/cos/cos_cache.c @@ -2279,7 +2279,7 @@ cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context, Slapi_Entry * /* now for the tests */ /* would we be allowed to supply this attribute if we had one? */ - if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational && !pAttr->attr_operational_default) { + if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational) { /* answer: no, move on to the next attribute */ attr_index++; continue;