Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.
- From: hyc@symas.com
- Date: Thu, 2 Dec 2010 17:14:38 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
h.b.furuseth@usit.uio.no wrote:
> Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak.
>
> Reproducing the bug:
>
> userPassword can exist without pwdChangedTime if you bypass
> ppolicy: Use slapadd to add an entry with userPassword, or add
> it to a subtree with no policy and then configure a policy.
>
> Then set up ppolicy and use ldapmodify to delete userPassword.
>
In that case the correct fix is to skip the pwdChangedTime attribute
completely. The ppolicy spec says that entries without pwdChangedTime are not
subject to password expiration at all.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
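
An added example, not part of the original message or of OpenLDAP's code: a small audit over an LDIF export (for instance slapcat output, which includes operational attributes) that lists entries holding userPassword but no pwdChangedTime, the entries the reply above says are not subject to password expiration. The DNs, password values and function names are constructed for illustration.

```python
import base64

# Constructed sample: alice was stamped by ppolicy, bob and carol were not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
pwdChangedTime: 20101130120000Z

# loaded with slapadd, so ppolicy never saw the add
dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=legacy-subtree-without-policy,
 dc=example,dc=com
userpassword: {SSHA}constructed
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (one leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(ldif_text):
    """Yield (dn, set of lower-cased attribute names) for each LDIF entry."""
    dn, attrs = None, set()
    for line in unfold(ldif_text) + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, set()
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            b64 = value.startswith(":")          # "attr:: <base64>"
            value = value[1:].strip() if b64 else value.strip()
            name = name.split(";")[0].lower()    # drop options, ignore case
            if name == "dn":
                dn = base64.b64decode(value).decode("utf-8") if b64 else value
            elif value:
                attrs.add(name)

def never_expiring(ldif_text):
    """DNs that have a password but no pwdChangedTime."""
    return [dn for dn, attrs in parse_entries(ldif_text)
            if "userpassword" in attrs and "pwdchangedtime" not in attrs]

if __name__ == "__main__":
    print("\n".join(never_expiring(SAMPLE_LDIF)))
```

When exporting with ldapsearch instead of slapcat, pwdChangedTime has to be requested explicitly (or with `+`), otherwise every entry will look unstamped.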