From f534445e26ebfca38afe1c834ba088cbcbc24e37 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 6 Jul 2011 16:26:27 -0400
Subject: Reset failed login count to 0 when admin resets password.

https://fedorahosted.org/freeipa/ticket/1441
---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 5ff214e50..25557aa94 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -1197,6 +1197,12 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
         slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
                               "sambaPwdLastset", modtime);
     }
+    if (is_krb) {
+        if (data->changetype == IPA_CHANGETYPE_ADMIN) {
+            slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
+                                 "krbLoginFailedCount", "0");
+        }
+    }
     /* let DS encode the password itself, this allows also other plugins to
      * intercept it to perform operations like synchronization with Active
      * Directory domains through the replication plugin */
-- 
cgit