Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.

2 Dec 2010


      h.b.furuseth@usit.uio.no wrote:
...
Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak.
Reproducing the bug:
userPassword can exist without pwdChangedTime if you bypass
   ppolicy: Use slapadd to add an entry with userPassword, or add
   it to a subtree with no policy and then configure a policy.
Then set up ppolicy and use ldapmodify to delete userPassword.
In that case the correct fix is to skip the pwdChangedTime attribute 
completely. The ppolicy spec says that entries without pwdChangedTime are not 
subject to password expiration at all.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#6620) ppolicy: pwdChangedTime/userPassword delete issue.