From: Howard Chu <hyc@openldap.org>
Date: Sat, 15 Dec 2007 19:35:11 +0000 (+0000)
Subject: ITS#5285 don't check for password reuse if history is not enabled
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~296
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=13491b39059b149419cee44e32ac508d36f85853;p=openldap

ITS#5285 don't check for password reuse if history is not enabled
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b7f32c3570..2610ea5831 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1771,7 +1771,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		}
 	}
 
-	if (pa) {
+	/* If pwdInHistory is zero, passwords may be reused */
+	if (pa && pp.pwdInHistory > 0) {
 		/*
 		 * Last check - the password history.
 		 */
@@ -1787,8 +1788,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 			goto return_results;
 		}
 	
-		if (pp.pwdInHistory < 1) goto do_modify;
-	
 		/*
 		 * Iterate through the password history, and fail on any
 		 * password matches.