From: Howard Chu <hyc@openldap.org>
Date: Thu, 18 Mar 2004 10:51:18 +0000 (+0000)
Subject: Fix prev commit
X-Git-Tag: OPENLDAP_REL_ENG_2_2_BP~213
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ea14637a0d0c473d33f05353ebe45ac5e66d4a12;p=openldap

Fix prev commit
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 78ac231e64..ad33ff5fc5 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -989,7 +989,12 @@ locked:
 
 	if ( ppb->send_ctrl ) {
 		LDAPControl **ctrls = NULL;
+		pp_info *pi = on->on_bi.bi_private;
 
+		/* Do we really want to tell that the account is locked? */
+		if ( ppb->pErr == PP_accountLocked && !pi->use_lockout ) {
+			ppb->pErr = PP_noError;
+		}
 		ctrls = ch_calloc( sizeof( LDAPControl *) , 2 );
 		ctrls[0] = create_passcontrol( warn, ngut, ppb->pErr );
 		ctrls[1] = NULL;
@@ -1048,9 +1053,8 @@ ppolicy_bind( Operation *op, SlapReply *rs )
 		be_entry_release_r( op, e );
 
 		if ( rc ) {
-			pp_info *pi = on->on_bi.bi_private;
 			/* This will be the Draft 8 response, Unwilling is bogus */
-			if ( pi->use_lockout ) ppb->pErr = PP_accountLocked;
+			ppb->pErr = PP_accountLocked;
 			send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
 			return rs->sr_err;
 		}