ITS#4970 ignore pwdMinAge if pwdReset is TRUE

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index aa7bcee63717500c763702d88d0f5ad43832f036..438ae8c2d3f4599d70b19ff8c403ddfbdc850626 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1694,7 +1694,10 @@ ppolicy_modify( Operation *op, SlapReply *rs )
                goto return_results;
        }
 
-       if (pp.pwdMinAge > 0) {
+       /* Check age, but only if pwdReset is not TRUE */
+       pa = attr_find( e->e_attrs, ad_pwdReset );
+       if ((!pa || !bvmatch( &pa->a_nvals[0], &slap_true_bv )) &&
+               pp.pwdMinAge > 0) {
                time_t pwtime = (time_t)-1, now;
                int age;