ITS#6084 handle pwdAccountLockedTime values set into the future (i.e.,

author Howard Chu <hyc@openldap.org>

Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)

committer Howard Chu <hyc@openldap.org>

Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
author Howard Chu <hyc@openldap.org>
Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
committer Howard Chu <hyc@openldap.org>
Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c

index 10870f3755ef9c30e661703eb3032aceb23132ad..8b374a8f87c96579353cdc82c16610f5cf1b6d12 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -338,14 +338,18 @@ account_locked( Operation *op, Entry *e,
                         time_t then, now;
                         Modifications *m;
  
-                       if (!pp->pwdLockoutDuration)
-                               return 1;
-
                         if ((then = parse_time( vals[0].bv_val )) == (time_t)0)
                                 return 1;
  
                         now = slap_get_time();
  
+                       /* Still in the future? not yet in effect */
+                       if (now < then)
+                               return 0;
+
+                       if (!pp->pwdLockoutDuration)
+                               return 1;
+
                         if (now < then + pp->pwdLockoutDuration)
                                 return 1;
author	Howard Chu <hyc@openldap.org>
	Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)
committer	Howard Chu <hyc@openldap.org>
	Tue, 30 Jun 2009 12:12:53 +0000 (12:12 +0000)