From: Howard Chu
Date: Tue, 3 Oct 2006 09:25:54 +0000 (+0000)
Subject: ITS#4692 entries without pwdChangedTime attribute have non-expiring pw
X-Git-Tag: OPENLDAP_REL_ENG_2_3_MP~84
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e9ecaa5d81437d292bd8641db7fb9bb513d61ff3;p=openldap
ITS#4692 entries without pwdChangedTime attribute have non-expiring pw
---
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index d73851aed2..68216d445a 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1014,26 +1014,12 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
 * we now check whether the password has expired.
 *
 * We can skip this bit if passwords don't age in
- * the policy.
+ * the policy. Also, if there was no pwdChangedTime
+ * attribute in the entry, the password never expires.
 */
 if (ppb->pp.pwdMaxAge == 0) goto grace;
 
- if (pwtime == (time_t)-1) {
- /*
- * Hmm. No password changed time on the
- * entry. This is odd - it should have
- * been provided when the attribute was added.
- *
- * However, it's possible that it could be
- * missing if the DIT was established via
- * an import process.
- */
- Debug( LDAP_DEBUG_ANY,
- "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n",
- e->e_name.bv_val, 0, 0);
-
- pwExpired = 1;
- } else {
+ if (pwtime != (time_t)-1) {
 /*
 * Check: was the last change time of
 * the password older than the maximum age
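Review bot: With the `pwtime == (time_t)-1` branch removed, an entry that lacks pwdChangedTime now skips the pwdMaxAge check without any log line, so an operator can no longer tell from the server log which accounts are exempt from password aging (the bulk-import case the deleted comment described). Consider keeping a diagnostic ahead of the new test, for example `if (pwtime == (time_t)-1) Debug( LDAP_DEBUG_TRACE, "ppolicy_bind: Entry %s has no pwdChangedTime - password aging not enforced\n", e->e_name.bv_val, 0, 0);`. The `if (pwtime != (time_t)-1) {` block and the rest of ppolicy_bind_response continue outside the hunk, so whether a later path reports this condition cannot be seen from here.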