Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.

h.b.furuseth@usit.uio.no wrote:
> Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak.
> Reproducing the bug:
>    userPassword can exist without pwdChangedTime if you bypass
>    ppolicy: Use slapadd to add an entry with userPassword, or add
>    it to a subtree with no policy and then configure a policy.
>    Then set up ppolicy and use ldapmodify to delete userPassword.
In that case the correct fix is to skip the pwdChangedTime attribute 
completely. The ppolicy spec says that entries without pwdChangedTime are not 
subject to password expiration at all.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
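
An audit for the situation discussed in this thread, added here as an example and not code from OpenLDAP or from either poster: it scans slapcat-style LDIF for entries that carry userPassword but no pwdChangedTime, which per the reply above are not subject to password expiration. The sample entries and the function names are constructed for illustration.

```python
import base64
# Constructed sample in slapcat-style LDIF (operational attributes included).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
pwdChangedTime: 20100801120000Z

dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol

dn: uid=dave,ou=a-long-organizational-unit-name,dc=exam
 ple,dc=com
UserPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def unfold(ldif):
    """Join LDIF continuation lines (leading single space), drop comments."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def entries(ldif):
    """Yield (dn, lower-cased attribute names) for each LDIF entry."""
    dn, attrs = None, set()
    for line in unfold(ldif) + [""]:      # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, set()
            continue
        name, _, value = line.partition(":")
        name = name.split(";")[0].lower()  # ignore attribute options
        if name != "dn":
            attrs.add(name)
        elif value.startswith(":"):        # "dn:: <base64>"
            dn = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            dn = value.strip()

def password_without_changed_time(ldif):
    """DNs that hold userPassword but lack pwdChangedTime."""
    return [dn for dn, a in entries(ldif)
            if "userpassword" in a and "pwdchangedtime" not in a]
```

Attribute names are compared case-insensitively and folded lines are rejoined first, so a wrapped DN or a differently cased `UserPassword` is still matched.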