From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 1 Jul 2009 22:49:15 +0000 (+0000)
Subject: ITS#6168 actually use pwdLockout setting
X-Git-Tag: OPENLDAP_REL_ENG_2_4_17~21
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e8e0f67703a94a70cf427949b836ea24b93d8c02;p=openldap

ITS#6168 actually use pwdLockout setting
---

diff --git a/CHANGES b/CHANGES
index ebb822784d..fe21a701db 100644
--- a/CHANGES
+++ b/CHANGES
@@ -44,6 +44,7 @@ OpenLDAP 2.4.17 Engineering
 	Fixed slapo-collect missing equality match rule (ITS#6075)
 	Fixed slapo-dds entry expiration (ITS#6169)
 	Fixed slapo-perl symbols (ITS#5658)
+	Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
 	Fixed slapo-refint refint_repair handling (ITS#6056)
 	Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
 	Fixed slapo-rwm dn passing (ITS#6070)
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 639fc5beeb..62324ca2f9 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -324,6 +324,9 @@ account_locked( Operation *op, Entry *e,
 
 	assert(mod != NULL);
 
+	if ( !pp->pwdLockout )
+		return 0;
+
 	if ( (la = attr_find( e->e_attrs, ad_pwdAccountLockedTime )) != NULL ) {
 		BerVarray vals = la->a_nvals;
 
diff --git a/tests/data/ppolicy.ldif b/tests/data/ppolicy.ldif
index 578aa6107d..fdd0c48be1 100644
--- a/tests/data/ppolicy.ldif
+++ b/tests/data/ppolicy.ldif
@@ -33,6 +33,7 @@ pwdMustChange: TRUE
 pwdMaxFailure: 3
 pwdFailureCountInterval: 120
 pwdSafeModify: TRUE
+pwdLockout: TRUE
 
 dn: uid=nd, ou=People, dc=example, dc=com
 objectClass: top