From: Howard Chu
Date: Tue, 23 Aug 2005 19:37:16 +0000 (+0000)
Subject: Updated for draft 09, allow MANAGE for operational attrs.
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~599
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ef220ac1efb52efa0b370932b2052dca97739fa4;p=openldap
Updated for draft 09, allow MANAGE for operational attrs.
---
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 6d0757c2df..115529014b 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -2,7 +2,7 @@
 /* This work is part of OpenLDAP Software .
 *
 * Copyright 2004-2005 The OpenLDAP Foundation.
- * Portions Copyright 2004 Howard Chu, Symas Corporation.
+ * Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
 * Portions Copyright 2004 Hewlett-Packard Company.
 * All rights reserved.
 *
@@ -23,7 +23,7 @@
 #include "portable.h"
 /* This file implements "Password Policy for LDAP Directories",
- * based on draft behera-ldap-password-policy-08
+ * based on draft behera-ldap-password-policy-09
 */
 #ifdef SLAPD_OVER_PPOLICY
@@ -111,7 +111,7 @@ static struct schema_info {
 "EQUALITY generalizedTimeMatch "
 "ORDERING generalizedTimeOrderingMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
- "SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )",
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdChangedTime },
 { "( 1.3.6.1.4.1.42.2.27.8.1.17 "
 "NAME ( 'pwdAccountLockedTime' ) "
@@ -119,7 +119,7 @@ static struct schema_info {
 "EQUALITY generalizedTimeMatch "
 "ORDERING generalizedTimeOrderingMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
- "SINGLE-VALUE USAGE directoryOperation )",
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdAccountLockedTime },
 { "( 1.3.6.1.4.1.42.2.27.8.1.19 "
 "NAME ( 'pwdFailureTime' ) "
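Review bot: The hunk at -119 makes pwdAccountLockedTime NO-USER-MODIFICATION, and the hunks at -127 and -155 do the same for pwdFailureTime and pwdPolicySubentry, but nothing in the change tells an operator that lockout state can no longer be edited with an ordinary modify. Assuming the server rejects plain writes to NO-USER-MODIFICATION attributes, existing unlock procedures that delete pwdAccountLockedTime or pwdFailureTime would start failing unless the requester goes through the manage path that the ppolicy_init hunk enables. I would record this next to the draft reference in the file comment, for example `* Lockout and history attributes are NO-USER-MODIFICATION; changing them requires the manage path set up in ppolicy_init().`, and repeat it in the overlay's documentation. The schema_info table starts outside these hunks.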
@@ -127,21 +127,21 @@ static struct schema_info {
 "EQUALITY generalizedTimeMatch "
 "ORDERING generalizedTimeOrderingMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
- "USAGE directoryOperation )",
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdFailureTime },
 { "( 1.3.6.1.4.1.42.2.27.8.1.20 "
 "NAME ( 'pwdHistory' ) "
 "DESC 'The history of users passwords' "
 "EQUALITY octetStringMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
- "USAGE directoryOperation NO-USER-MODIFICATION )",
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdHistory },
 { "( 1.3.6.1.4.1.42.2.27.8.1.21 "
 "NAME ( 'pwdGraceUseTime' ) "
 "DESC 'The timestamps of the grace login once the password has expired' "
 "EQUALITY generalizedTimeMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
- "USAGE directoryOperation NO-USER-MODIFICATION )",
+ "NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdGraceUseTime },
 { "( 1.3.6.1.4.1.42.2.27.8.1.22 "
 "NAME ( 'pwdReset' ) "
@@ -155,7 +155,7 @@ static struct schema_info {
 "DESC 'The pwdPolicy subentry in effect for this object' "
 "EQUALITY distinguishedNameMatch "
 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
- "SINGLE-VALUE USAGE directoryOperation )",
+ "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
 &ad_pwdPolicySubentry },
 { NULL, NULL }
 };
@@ -1768,6 +1768,11 @@ int ppolicy_init()
 scherr2str(code), err );
 return code;
 }
+ /* Allow Manager to set these as needed */
+ if ( is_at_no_user_mod( (*pwd_OpSchema[i].ad)->ad_type )) {
+ (*pwd_OpSchema[i].ad)->ad_type->sat_flags |=
+ SLAP_AT_MANAGEABLE;
+ }
 }
 code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
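Review bot: The added comment `/* Allow Manager to set these as needed */` in the ppolicy_init hunk does not say what gates the write, even though SLAP_AT_MANAGEABLE is set on every NO-USER-MODIFICATION entry of pwd_OpSchema. That appears to be the table patched above, so on the new side the flag covers pwdHistory, pwdFailureTime, pwdAccountLockedTime and pwdPolicySubentry. Those attributes hold the lockout and password-reuse record, so anyone allowed onto this path can clear a lockout or rewrite history. The comment should therefore name the control and access level that slapd requires, something like `/* NO-USER-MODIFICATION ppolicy attrs become writable only through the manage path; keep that ACL narrow and audit its use */`, once the enforcement elsewhere in slapd has been confirmed. The enclosing loop and ppolicy_init itself begin and end outside the hunk.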