From: Quanah Gibson-Mount Date: Wed, 1 Jul 2009 22:53:33 +0000 (+0000) Subject: ITS#6084 X-Git-Tag: OPENLDAP_REL_ENG_2_4_17~18 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f6ada04d9d664f1088e0e0fb8aab1a40fe444a67;p=openldap ITS#6084 --- diff --git a/CHANGES b/CHANGES index a9852b504d..1a66341e36 100644 --- a/CHANGES +++ b/CHANGES @@ -46,6 +46,7 @@ OpenLDAP 2.4.17 Engineering Fixed slapo-perl symbols (ITS#5658) Fixed slapo-ppolicy to honor pwdLockout (ITS#6168) Fixed slapo-ppolicy to return check modules error message (ITS#6082) + Fixed slapo-ppolicy with future lockout times (ITS#6084) Fixed slapo-refint refint_repair handling (ITS#6056) Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057) Fixed slapo-rwm dn passing (ITS#6070) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 10870f3755..8b374a8f87 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -338,14 +338,18 @@ account_locked( Operation *op, Entry *e, time_t then, now; Modifications *m; - if (!pp->pwdLockoutDuration) - return 1; - if ((then = parse_time( vals[0].bv_val )) == (time_t)0) return 1; now = slap_get_time(); + /* Still in the future? not yet in effect */ + if (now < then) + return 0; + + if (!pp->pwdLockoutDuration) + return 1; + if (now < then + pp->pwdLockoutDuration) return 1;