From: Howard Chu <hyc@openldap.org>
Date: Thu, 18 Mar 2004 10:20:27 +0000 (+0000)
Subject: Added ppolicy_hide_lockout keyword
X-Git-Tag: OPENLDAP_REL_ENG_2_2_BP~215
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=def2fab7b53b875c2cf9ba7b7d666aa79412352c;p=openldap

Added ppolicy_hide_lockout keyword
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b8bce27efa..0b68a2b5b7 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -40,6 +40,7 @@
 /* Per-instance configuration information */
 typedef struct pp_info {
 	struct berval def_policy;	/* DN of default policy subentry */
+	int hide_lockout;		/* omit AccountLocked result? */
 } pp_info;
 
 /* Our per-connection info - note, it is not per-instance, it is 
@@ -1047,8 +1048,9 @@ ppolicy_bind( Operation *op, SlapReply *rs )
 		be_entry_release_r( op, e );
 
 		if ( rc ) {
+			pp_info *pi = on->on_bi.bi_private;
 			/* This will be the Draft 8 response, Unwilling is bogus */
-			ppb->pErr = PP_accountLocked;
+			if ( !pi->hide_lockout ) ppb->pErr = PP_accountLocked;
 			send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
 			return rs->sr_err;
 		}
@@ -1769,6 +1771,13 @@ ppolicy_config(
 			return 1;
 		}
 		return 0;
+	} else if ( strcasecmp( argv[0], "ppolicy_hide_lockout" ) == 0 ) {
+		if ( argc != 1 ) {
+			fprintf( stderr, "%s: line %d: ppolicy_hide_lockout "
+				"takes no arguments\n", fname, lineno );
+			return ( 1 );
+		}
+		pi->hide_lockout = 1;
 	}
 	return SLAP_CONF_UNKNOWN;
 }