Added ppolicy_hide_lockout keyword

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b8bce27efa590667d3d2bb6a96a26c3226102654..0b68a2b5b7c2209be79cb6ada925e3d3d418d054 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -40,6 +40,7 @@
 /* Per-instance configuration information */
 typedef struct pp_info {
        struct berval def_policy;       /* DN of default policy subentry */
+       int hide_lockout;               /* omit AccountLocked result? */
 } pp_info;
 
 /* Our per-connection info - note, it is not per-instance, it is 
@@ -1047,8 +1048,9 @@ ppolicy_bind( Operation *op, SlapReply *rs )
                be_entry_release_r( op, e );
 
                if ( rc ) {
+                       pp_info *pi = on->on_bi.bi_private;
                        /* This will be the Draft 8 response, Unwilling is bogus */
-                       ppb->pErr = PP_accountLocked;
+                       if ( !pi->hide_lockout ) ppb->pErr = PP_accountLocked;
                        send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
                        return rs->sr_err;
                }
@@ -1769,6 +1771,13 @@ ppolicy_config(
                        return 1;
                }
                return 0;
+       } else if ( strcasecmp( argv[0], "ppolicy_hide_lockout" ) == 0 ) {
+               if ( argc != 1 ) {
+                       fprintf( stderr, "%s: line %d: ppolicy_hide_lockout "
+                               "takes no arguments\n", fname, lineno );
+                       return ( 1 );
+               }
+               pi->hide_lockout = 1;
        }
        return SLAP_CONF_UNKNOWN;
 }