diff options
author | Sumit Bose <sbose@redhat.com> | 2011-06-16 12:31:09 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-10-26 10:29:37 -0400 |
commit | ebbbf9cafd0854d2fc6314205b0ea94fd2a95655 (patch) | |
tree | 3b8ac5bd7220bfa1591d5ff651a914b4735535ad /src | |
parent | 9c47bdef9d2d67e7fed31201f7007b7dd9e85903 (diff) | |
download | sssd-ebbbf9cafd0854d2fc6314205b0ea94fd2a95655.tar.gz sssd-ebbbf9cafd0854d2fc6314205b0ea94fd2a95655.tar.xz sssd-ebbbf9cafd0854d2fc6314205b0ea94fd2a95655.zip |
Do not check pwdAttribute
It is not safe to check pwdAttribute to see if server side password
policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is
present the bind response we can assume that there is a server side
password policy.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index e45d5b3ed..a8aa1af9d 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -252,15 +252,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EINVAL; } - mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL); - if (mark != NULL) { - DEBUG(9, ("Found pwdAttribute, " - "assuming LDAP password policies are active.\n")); - - *type = PWEXPIRE_LDAP_PASSWORD_POLICY; - return EOK; - } - if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { DEBUG(9, ("No password policy requested.\n")); return EOK; |