time_t then, now;
Modifications *m;
- if (!pp->pwdLockoutDuration)
- return 1;
-
if ((then = parse_time( vals[0].bv_val )) == (time_t)0)
return 1;
now = slap_get_time();
+ /* Still in the future? not yet in effect */
+ if (now < then)
+ return 0;
+
+ if (!pp->pwdLockoutDuration)
+ return 1;
+
if (now < then + pp->pwdLockoutDuration)
return 1;
assert( cred != NULL );
assert( pp != NULL );
+ assert( txt != NULL );
+
+ *txt = NULL;
if ((cred->bv_len == 0) || (pp->pwdMinLength > cred->bv_len)) {
rc = LDAP_CONSTRAINT_VIOLATION;
pp->pwdCheckModule, err, 0 );
ok = LDAP_OTHER;
} else {
- *txt = NULL;
ldap_pvt_thread_mutex_lock( &chk_syntax_mutex );
ok = prog( ptr, txt, e );
ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex );
SlapReply r2 = { REP_RESULT };
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
pp_info *pi = on->on_bi.bi_private;
+ LDAPControl c, *ca[2];
op2.o_tag = LDAP_REQ_MODIFY;
op2.o_callback = &cb;
op2.orm_modlist = mod;
+ op2.orm_no_opattrs = 0;
op2.o_dn = op->o_bd->be_rootdn;
op2.o_ndn = op->o_bd->be_rootndn;
* chain overlay. Obviously the updateref and chain overlay
* must be configured appropriately for this to be useful.
*/
- if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates )
+ if ( SLAP_SHADOW( op->o_bd ) && pi->forward_updates ) {
op2.o_bd = frontendDB;
- else
+
+ /* Must use Relax control since these are no-user-mod */
+ op2.o_relax = SLAP_CONTROL_CRITICAL;
+ op2.o_ctrls = ca;
+ ca[0] = &c;
+ ca[1] = NULL;
+ BER_BVZERO( &c.ldctl_value );
+ c.ldctl_iscritical = 1;
+ c.ldctl_oid = LDAP_CONTROL_RELAX;
+ } else {
op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+ }
rc = op2.o_bd->be_modify( &op2, &r2 );
slap_mods_free( mod, 1 );
}