ITS#5285 don't check for password reuse if history is not enabled
authorHoward Chu <hyc@openldap.org>
Sat, 15 Dec 2007 19:35:11 +0000 (19:35 +0000)
committerHoward Chu <hyc@openldap.org>
Sat, 15 Dec 2007 19:35:11 +0000 (19:35 +0000)
servers/slapd/overlays/ppolicy.c

index b7f32c3570d57d2162ee4615d3b0a52f5c891a4e..2610ea5831abf02fcb7ef3a1892452d0ccc688f5 100644 (file)
@@ -1771,7 +1771,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                }
        }
 
-       if (pa) {
+       /* If pwdInHistory is zero, passwords may be reused */
+       if (pa && pp.pwdInHistory > 0) {
                /*
                 * Last check - the password history.
                 */
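Review bot: The new guard `if (pa && pp.pwdInHistory > 0)` skips the whole block, not just the history iteration. The earlier check that ends in `goto return_results` used to run before the removed `pwdInHistory < 1` shortcut, and it no longer runs when history is disabled; its condition lies between the two hunks and is not visible here. If that check compares the new password against the current one, then with pwdInHistory at 0 a user can satisfy an expiry-driven change by resubmitting the same password. That looks like the intent of the ITS, but the comment should say so, for example `/* If pwdInHistory is zero, passwords may be reused, including the current one; no reuse check is made */`. The body of ppolicy_modify starts and ends outside the hunk.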
@@ -1787,8 +1788,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                        goto return_results;
                }
        
-               if (pp.pwdInHistory < 1) goto do_modify;
-       
                /*
                 * Iterate through the password history, and fail on any
                 * password matches.