per LDAPext discussion, delete pwdAccountLockedTime on password change

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index cc5cb9d409ad2ec5b4fe61607ff5e2c8c67b23ee..03a19697f359940a0a85e4f0547f0e602c31996f 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -119,7 +119,12 @@ static struct schema_info {
                "EQUALITY generalizedTimeMatch "
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
-               "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+               "SINGLE-VALUE "
+#if 0
+               /* Not until MANAGEDIT control is released */
+               "NO-USER-MODIFICATION "
+#endif
+               "USAGE directoryOperation )",
                &ad_pwdAccountLockedTime },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.19 "
                "NAME ( 'pwdFailureTime' ) "
@@ -1489,6 +1494,19 @@ do_modify:
                        modtail = mods;
                }
 
+               if (attr_find(e->e_attrs, ad_pwdAccountLockedTime )) {
+                       mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
+                       mods->sml_op = LDAP_MOD_DELETE;
+                       mods->sml_flags = SLAP_MOD_INTERNAL;
+                       mods->sml_type.bv_val = NULL;
+                       mods->sml_desc = ad_pwdAccountLockedTime;
+                       mods->sml_values = NULL;
+                       mods->sml_nvalues = NULL;
+                       mods->sml_next = NULL;
+                       modtail->sml_next = mods;
+                       modtail = mods;
+               }
+
                /* Delete the pwdReset attribute, since it's being reset */
                if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
                        mods = (Modifications *) ch_malloc( sizeof( Modifications ) );