Do not check pwdAttribute

It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
author: Sumit Bose <sbose@redhat.com> 2011-06-16 12:31:09 +0200
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-06-16 18:16:32 -0400
commit: 4443a193fefa51d159e49b23b12a6e52ff56bf08 (patch)
tree: bf31a2f661d50d46af204e5b08fd26fe66e16330 /src/providers
parent: 8ab03b3f76eb52587ab75bab69c1345f535ffb95 (diff)
download: sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.tar.gz
sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.tar.xz
sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.zip
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index e45d5b3ed..a8aa1af9d 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -252,15 +252,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
         return EINVAL;
     }
 
-    mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL);
-    if (mark != NULL) {
-        DEBUG(9, ("Found pwdAttribute, "
-                  "assuming LDAP password policies are active.\n"));
-
-        *type = PWEXPIRE_LDAP_PASSWORD_POLICY;
-        return EOK;
-    }
-
     if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) {
         DEBUG(9, ("No password policy requested.\n"));
         return EOK;
author	Sumit Bose <sbose@redhat.com>	2011-06-16 12:31:09 +0200
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-06-16 18:16:32 -0400
commit	4443a193fefa51d159e49b23b12a6e52ff56bf08 (patch)
tree	bf31a2f661d50d46af204e5b08fd26fe66e16330 /src/providers
parent	8ab03b3f76eb52587ab75bab69c1345f535ffb95 (diff)
download	sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.tar.gz sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.tar.xz sssd-4443a193fefa51d159e49b23b12a6e52ff56bf08.zip