From 1b7a5871c2a137b5d5490e08159a011f1fa26e55 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Tue, 1 Sep 2015 19:19:57 -0700
Subject: [PATCH] ITS#8234 revert to default policy on failure

---
 servers/slapd/overlays/ppolicy.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index a0c52e11f9..58a91cdb9f 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -468,6 +468,18 @@ add_passcontrol( Operation *op, SlapReply *rs, LDAPControl *ctrl )
 	return oldctrls;
 }
 
+static void
+ppolicy_get_default( PassPolicy *pp )
+{
+	memset( pp, 0, sizeof(PassPolicy) );
+
+	pp->ad = slap_schema.si_ad_userPassword;
+
+	/* Users can change their own password by default */
+	pp->pwdAllowUserChange = 1;
+}
+
+
 static void
 ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 {
@@ -481,12 +493,7 @@ ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 	const char *text;
 #endif
 
-	memset( pp, 0, sizeof(PassPolicy) );
-
-	pp->ad = slap_schema.si_ad_userPassword;
-
-	/* Users can change their own password by default */
-    	pp->pwdAllowUserChange = 1;
+	ppolicy_get_default( pp );
 
 	if ((a = attr_find( e->e_attrs, ad_pwdPolicySubentry )) == NULL) {
 		/*
@@ -584,6 +591,9 @@ defaultpol:
 
 	Debug( LDAP_DEBUG_TRACE,
 		"ppolicy_get: using default policy\n", 0, 0, 0 );
+
+	ppolicy_get_default( pp );
+
 	return;
 }
 
-- 
2.39.5