From: Ryan Tandy <ryan@nardis.ca>
Date: Mon, 16 Mar 2015 04:53:32 +0000 (+0000)
Subject: ITS#8080 nssov: allow user pwmod without pwdmgr configured
X-Git-Tag: OPENLDAP_REL_ENG_2_4_41~62
X-Git-Url: https://git.sur5r.net/?p=openldap;a=commitdiff_plain;h=a01fd59acc3331b8c9bec03f1bfeeca3aaaabd1f

ITS#8080 nssov: allow user pwmod without pwdmgr configured
---

diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index a455331ed3..25ed22abdc 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -770,13 +770,8 @@ int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid)
 		goto done;
 	}
 
-	if (BER_BVISEMPTY(&ni->ni_pam_pwdmgr_dn)) {
-		Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
-			"pwdmgr not configured", 0, 0);
-		ber_str2bv("pwdmgr not configured", 0, 0, &pi.msg);
-		rc = NSLCD_PAM_PERM_DENIED;
-		goto done;
-	} else if (!ber_bvcmp(&pi.dn, &ni->ni_pam_pwdmgr_dn)) {
+	if (!BER_BVISEMPTY(&ni->ni_pam_pwdmgr_dn) &&
+		!ber_bvcmp(&pi.dn, &ni->ni_pam_pwdmgr_dn)) {
 		if (calleruid != 0) {
 			Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(): %s\n",
 				"caller is not root", 0, 0);