partial fix to ITS#3659; still problems in merging values with "permissive" set

[openldap] / servers / slapd / overlays / ppolicy.c

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 11bd2ca7eebdf00ca26758296be5a596eafaffb9..57046c4df712410beca43c8195c5d283dfd921a7 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -114,7 +114,7 @@ static struct schema_info {
                "EQUALITY generalizedTimeMatch "
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
-               "SINGLE-VALUE USAGE directoryOperation )",
+               "SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )",
                &ad_pwdChangedTime },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.17 "
                "NAME ( 'pwdAccountLockedTime' ) "
@@ -130,7 +130,7 @@ static struct schema_info {
                "EQUALITY generalizedTimeMatch "
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
-               "SINGLE-VALUE USAGE directoryOperation )",
+               "SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )",
                &ad_pwdExpirationWarned },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.19 "
                "NAME ( 'pwdFailureTime' ) "
@@ -145,21 +145,21 @@ static struct schema_info {
                "DESC 'The history of users passwords' "
                "EQUALITY octetStringMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
-               "USAGE directoryOperation )",
+               "USAGE directoryOperation NO-USER-MODIFICATION )",
                &ad_pwdHistory },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.21 "
                "NAME ( 'pwdGraceUseTime' ) "
                "DESC 'The timestamps of the grace login once the password has expired' "
                "EQUALITY generalizedTimeMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
-               "USAGE directoryOperation )",
+               "USAGE directoryOperation NO-USER-MODIFICATION )",
                &ad_pwdGraceUseTime }, 
        {       "( 1.3.6.1.4.1.42.2.27.8.1.22 "
                "NAME ( 'pwdReset' ) "
                "DESC 'The indication that the password has been reset' "
                "EQUALITY booleanMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
-               "SINGLE-VALUE USAGE directoryOperation )",
+               "SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )",
                &ad_pwdReset },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.23 "
                "NAME ( 'pwdPolicySubentry' ) "
@@ -1706,6 +1706,14 @@ ppolicy_db_init(
        return 0;
 }
 
+static int
+ppolicy_db_open(
+    BackendDB *be
+)
+{
+       return overlay_register_control( be, LDAP_CONTROL_PASSWORDPOLICYREQUEST );
+}
+
 static int
 ppolicy_close(
        BackendDB *be
@@ -1789,7 +1797,7 @@ int ppolicy_init()
                                ldap_scherr2str(code), err );
                        return code;
                }
-               code = at_add( at, &err );
+               code = at_add( at, 0, NULL, &err );
                if ( !code ) {
                        slap_str2ad( at->at_names[0], pwd_OpSchema[i].ad, &err );
                }
@@ -1802,7 +1810,7 @@ int ppolicy_init()
        }
 
        code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
-               SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY, extops,
+               SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, extops,
                ppolicy_parseCtrl, &ppolicy_cid );
        if ( code != LDAP_SUCCESS ) {
                fprintf( stderr, "Failed to register control %d\n", code );
@@ -1813,6 +1821,7 @@ int ppolicy_init()
 
        ppolicy.on_bi.bi_type = "ppolicy";
        ppolicy.on_bi.bi_db_init = ppolicy_db_init;
+       ppolicy.on_bi.bi_db_open = ppolicy_db_open;
        ppolicy.on_bi.bi_db_config = ppolicy_config;
        ppolicy.on_bi.bi_db_close = ppolicy_close;