diff options
| author | Sumit Bose <sbose@redhat.com> | 2011-06-16 12:31:09 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-13 12:35:45 -0400 |
| commit | 8e8c7017e7d2aaa54469075dac82b9aa44d17b59 (patch) | |
| tree | ae9c59d4ba5f7cb3e4b9c3c2aeac2b865dd2193a | |
| parent | ea9a1b158585b3626b8e25ed79b92c579502e58c (diff) | |
| download | sssd-8e8c7017e7d2aaa54469075dac82b9aa44d17b59.tar.gz sssd-8e8c7017e7d2aaa54469075dac82b9aa44d17b59.tar.xz sssd-8e8c7017e7d2aaa54469075dac82b9aa44d17b59.zip | |
Do not check pwdAttribute
It is not safe to check pwdAttribute to see if server side password
policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is
present the bind response we can assume that there is a server side
password policy.
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index e45d5b3ed..a8aa1af9d 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -252,15 +252,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EINVAL; } - mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL); - if (mark != NULL) { - DEBUG(9, ("Found pwdAttribute, " - "assuming LDAP password policies are active.\n")); - - *type = PWEXPIRE_LDAP_PASSWORD_POLICY; - return EOK; - } - if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { DEBUG(9, ("No password policy requested.\n")); return EOK; |