ITS#6084 handle pwdAccountLockedTime values set into the future (i.e.,
authorHoward Chu <hyc@openldap.org>
Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
committerHoward Chu <hyc@openldap.org>
Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
lame way of setting an expiration date.)

servers/slapd/overlays/ppolicy.c

index 10870f3755ef9c30e661703eb3032aceb23132ad..8b374a8f87c96579353cdc82c16610f5cf1b6d12 100644 (file)
@@ -338,14 +338,18 @@ account_locked( Operation *op, Entry *e,
                        time_t then, now;
                        Modifications *m;
 
-                       if (!pp->pwdLockoutDuration)
-                               return 1;
-
                        if ((then = parse_time( vals[0].bv_val )) == (time_t)0)
                                return 1;
 
                        now = slap_get_time();
 
+                       /* Still in the future? not yet in effect */
+                       if (now < then)
+                               return 0;
+
+                       if (!pp->pwdLockoutDuration)
+                               return 1;
+
                        if (now < then + pp->pwdLockoutDuration)
                                return 1;
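Review bot: The added `if (now < then) return 0;` makes the lock check fail open for every pwdAccountLockedTime later than the local clock, and because it now runs before the `!pp->pwdLockoutDuration` test, a lockout with duration 0 (which previously returned 1 for any parseable value) is skipped as well. A value can be "in the future" for reasons other than an administrator scheduling it, for example clock skew on whichever server wrote the attribute or the local clock being stepped back, and in those cases a real lockout would silently not apply until the clock catches up. The one-line comment does not record that trade-off; I would expand it to something like `/* ITS#6084: a lock time later than now is treated as scheduled, not active; this fails open if the value is only ahead because of clock skew */` and consider logging when this branch is taken so an ignored lock is visible to operators. account_locked() begins before and continues after this hunk, so how the attribute is handled afterwards is not visible here.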