From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sat, 9 Feb 2008 00:47:10 +0000 (+0000)
Subject: ITS#5285
X-Git-Tag: OPENLDAP_REL_ENG_2_4_8~126
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a6b369006bacdb8133c1d6a686b23bcfd828756d;p=openldap

ITS#5285
---

diff --git a/CHANGES b/CHANGES
index e50a359f56..f4646ec1bb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ OpenLDAP 2.4.8 Engineering
 	Fixed slapd-ldif delete (ITS#5265)
 	Added slapo-autogroup contrib module (ITS#5145)
 	Added slapo-constraint cross-attribute constraints (ITS#4987)
+	Fixed slapo-ppolicy password checking when no policy required it (ITS#5285)
 	Added slapo-translucent local searching (ITS#5283)
 	Fixed test047 to skip if rwm is not available (ITS#5292)
 	Build Environment
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b7f32c3570..2610ea5831 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1771,7 +1771,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		}
 	}
 
-	if (pa) {
+	/* If pwdInHistory is zero, passwords may be reused */
+	if (pa && pp.pwdInHistory > 0) {
 		/*
 		 * Last check - the password history.
 		 */
@@ -1787,8 +1788,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 			goto return_results;
 		}
 	
-		if (pp.pwdInHistory < 1) goto do_modify;
-	
 		/*
 		 * Iterate through the password history, and fail on any
 		 * password matches.