From f4637d60c2937aded7c6e9098cc4e408054777e1 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 2 Sep 2005 20:38:05 +0000
Subject: [PATCH] per LDAPext discussion, delete pwdAccountLockedTime on
 password change

---
 servers/slapd/overlays/ppolicy.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index cc5cb9d409..03a19697f3 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -119,7 +119,12 @@ static struct schema_info {
 		"EQUALITY generalizedTimeMatch "
 		"ORDERING generalizedTimeOrderingMatch "
 		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
-		"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
+		"SINGLE-VALUE "
+#if 0
+		/* Not until MANAGEDIT control is released */
+		"NO-USER-MODIFICATION "
+#endif
+		"USAGE directoryOperation )",
 		&ad_pwdAccountLockedTime },
 	{	"( 1.3.6.1.4.1.42.2.27.8.1.19 "
 		"NAME ( 'pwdFailureTime' ) "
@@ -1489,6 +1494,19 @@ do_modify:
 			modtail = mods;
 		}
 
+		if (attr_find(e->e_attrs, ad_pwdAccountLockedTime )) {
+			mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
+			mods->sml_op = LDAP_MOD_DELETE;
+			mods->sml_flags = SLAP_MOD_INTERNAL;
+			mods->sml_type.bv_val = NULL;
+			mods->sml_desc = ad_pwdAccountLockedTime;
+			mods->sml_values = NULL;
+			mods->sml_nvalues = NULL;
+			mods->sml_next = NULL;
+			modtail->sml_next = mods;
+			modtail = mods;
+		}
+
 		/* Delete the pwdReset attribute, since it's being reset */
 		if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
 			mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
-- 
2.39.2