Ticket 49950 - PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user
Bug Description:
If a user's password was reset by an "Admin" or directory manager, the
password policy requires a user must change their password after it's
been "reset", and the user then resets their password in DS, this
information was not sent to AD. Then if the user logged in AD after
resetting their password in DS they still get forced to change their
password again in AD.
Fix Description:
When sending a password update to AD, and AD is enforcing password must
be reset, check if the user did reset their password. If so, set the
correct "pwdLastSet" value to prevent AD from forcing that user to
change their password again.
But this only works going from DS to AD. The information needed to make
it work from AD -> DS is not available to passSync, and if it was available
it could not be correctly sent to DS anyway (not without a major redesign).
Side Note:
Also moved and consolidated the function "fetch_attr" to util.c. It
was reused and redefined in many plugins. So I added the definition
to slapi-plugin.h and removed the duplicate definitions.
https://pagure.io/389-ds-base/issue/49950
Reviewed by: tbordaz (Thanks!)
(cherry picked from commit d9437be2e60fdbd6a5f1364f5887e1a3c89cda68)
(cherry picked from commit ac500d378aa22d5e818b110074ac9cd3e421e38d)