From: Howard Chu Date: Tue, 30 Jun 2009 12:12:53 +0000 (+0000) Subject: ITS#6084 handle pwdAccountLockedTime values set into the future (i.e., X-Git-Tag: ACLCHECK_0~468 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8a0b05bfeb90fe401cbbbda87b39ca0fbeb79082;p=openldap ITS#6084 handle pwdAccountLockedTime values set into the future (i.e., lame way of setting an expiration date.) --- diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 10870f3755..8b374a8f87 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -338,14 +338,18 @@ account_locked( Operation *op, Entry *e, time_t then, now; Modifications *m; - if (!pp->pwdLockoutDuration) - return 1; - if ((then = parse_time( vals[0].bv_val )) == (time_t)0) return 1; now = slap_get_time(); + /* Still in the future? not yet in effect */ + if (now < then) + return 0; + + if (!pp->pwdLockoutDuration) + return 1; + if (now < then + pp->pwdLockoutDuration) return 1;