Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.
- From: firstname.lastname@example.org
- Date: Thu, 2 Dec 2010 17:14:38 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak.
> Reproducing the bug:
> userPassword can exist without pwdChangedTime if you bypass
> ppolicy: Use slapadd to add an entry with userPassword, or add
> it to a subtree with no policy and then configure a policy.
> Then set up ppolicy and use ldapmodify to delete userPassword.
In that case the correct fix is to skip the pwdChangedTime attribute
completely. The ppolicy spec says that entries without pwdChangedTime are not
subject to password expiration at all.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
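
The state discussed in this message (an entry holding userPassword but no pwdChangedTime, which the reply says is not subject to password expiration) can be audited offline. The script below is an added example, not part of the original message or of OpenLDAP; it assumes an LDIF export that includes operational attributes (such as slapcat output), and the sample entries and the function names `parse_ldif` and `exempt_from_expiration` are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the original message).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
pwdChangedTime: 20101201120000Z

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=people,
 dc=example,dc=com
uid: carol
USERPASSWORD: {SSHA}constructed

dn: ou=people,dc=example,dc=com
ou: people
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attribute name: [values]}) for each entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # unfold an LDIF continuation line
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:           # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):   # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name = name.split(";")[0].lower()   # drop options, ignore case
            if name == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name, []).append(value.strip())

def exempt_from_expiration(text):
    """DNs that hold userPassword but have no pwdChangedTime."""
    return [dn for dn, a in parse_ldif(text)
            if "userpassword" in a and "pwdchangedtime" not in a]

if __name__ == "__main__":
    print("\n".join(exempt_from_expiration(SAMPLE_LDIF)))
```
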