From 13491b39059b149419cee44e32ac508d36f85853 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 15 Dec 2007 19:35:11 +0000
Subject: [PATCH] ITS#5285 don't check for password reuse if history is not
 enabled

---
 servers/slapd/overlays/ppolicy.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index b7f32c3570..2610ea5831 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1771,7 +1771,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 		}
 	}
 
-	if (pa) {
+	/* If pwdInHistory is zero, passwords may be reused */
+	if (pa && pp.pwdInHistory > 0) {
 		/*
 		 * Last check - the password history.
 		 */
@@ -1787,8 +1788,6 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 			goto return_results;
 		}
 	
-		if (pp.pwdInHistory < 1) goto do_modify;
-	
 		/*
 		 * Iterate through the password history, and fail on any
 		 * password matches.
-- 
2.39.5