ftweedal / 389-ds-base

Forked from 389-ds-base 6 years ago
f977972 Bug 489379 - passwordExpirationTime in entry being added

Authored and Committed by Noriko Hosoi 13 years ago
    Bug 489379 - passwordExpirationTime in entry being added
    collides with passwordMustChange policy
    
    https://bugzilla.redhat.com/show_bug.cgi?id=489379
    
    Description:
    If we have passwordMustChange policy enabled and try to add an entry
    that already contains a passwordExpirationTime attribute, then the
    passwordMustChange code will insert another passwordExpirationTime
    attribute with the magic 19700101000000Z value.  This won't work
    because passwordExpirationTime is single-valued:
    ldap_add: Object class violation
    ldap_add: additional info: single-valued attribute "passwordExpirationTime"
    has multiple values
    
    We need to pick one passwordExpirationTime value to "win".  I think
    it makes sense for the value that exists in the entry being added
    to win, but I'm open to discussion if it's felt that would violate
    the password policy.
    
    To make the existing passwordExpirationTime value win, in
    add_password_attrs() in pw.c I think the logic can be changed so
    the scan for passwordExpirationTime happens unconditionally and
    then not touch it even if pwpolicy->pw_must_change is set.
    
    This patch has been submitted by Ulf Weltman (ulf.weltman@hp.com).
    
file modified
+38 -19
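The logic change the commit message describes, as an added stand-alone model that is not the 389-ds-base pw.c code: the entry, policy and function names below are simplified placeholders for Slapi_Entry and add_password_attrs(), and the uid=alice entry is constructed sample input. It shows why the old path produces two values for a single-valued attribute and how scanning first lets the supplied value win.

```c
#include <string.h>
#include <strings.h>
#define MAX_ATTRS 8
#define MUST_CHANGE_TIME "19700101000000Z"  /* magic "already expired" value */

typedef struct { const char *type; const char *value; } attr_t;
typedef struct { attr_t attrs[MAX_ATTRS]; int nattrs; } entry_t;
typedef struct { int pw_must_change; } pwpolicy_t;  /* passwordMustChange on/off */

/* Number of values an attribute carries; passwordExpirationTime is
 * single-valued, so anything above 1 is the schema violation in the report. */
int entry_attr_count(const entry_t *e, const char *type) {
    int n = 0;
    for (int i = 0; i < e->nattrs; i++)
        if (strcasecmp(e->attrs[i].type, type) == 0) n++;
    return n;
}

const char *entry_attr_get(const entry_t *e, const char *type) {
    for (int i = 0; i < e->nattrs; i++)
        if (strcasecmp(e->attrs[i].type, type) == 0) return e->attrs[i].value;
    return NULL;
}

static void entry_add(entry_t *e, const char *type, const char *value) {
    if (e->nattrs < MAX_ATTRS) e->attrs[e->nattrs++] = (attr_t){type, value};
}

/* Pre-fix logic (model): the policy branch appends the magic value without
 * looking at what the ADD request already carries. */
void add_password_attrs_old(entry_t *e, const pwpolicy_t *p) {
    if (p->pw_must_change) entry_add(e, "passwordExpirationTime", MUST_CHANGE_TIME);
}

/* Fixed logic (model): scan for passwordExpirationTime unconditionally and
 * leave an existing value alone even when pw_must_change is set. */
void add_password_attrs_new(entry_t *e, const pwpolicy_t *p) {
    if (entry_attr_get(e, "passwordExpirationTime") != NULL) return;
    if (p->pw_must_change) entry_add(e, "passwordExpirationTime", MUST_CHANGE_TIME);
}

/* Constructed sample: an ADD of uid=alice that already sets the attribute.
 * Returns how many passwordExpirationTime values the entry ends up with. */
int values_after_add(int use_fix) {
    entry_t e = {{{"uid", "alice"}, {"passwordExpirationTime", "20300101000000Z"}}, 2};
    pwpolicy_t policy = {1};
    if (use_fix) add_password_attrs_new(&e, &policy);
    else add_password_attrs_old(&e, &policy);
    return entry_attr_count(&e, "passwordExpirationTime");
}
```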