From 8e8c7017e7d2aaa54469075dac82b9aa44d17b59 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 16 Jun 2011 12:31:09 +0200
Subject: Do not check pwdAttribute

It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
---
 src/providers/ldap/ldap_auth.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index e45d5b3ed..a8aa1af9d 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -252,15 +252,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
 return EINVAL;
 }

- mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL);
- if (mark != NULL) {
- DEBUG(9, ("Found pwdAttribute, "
- "assuming LDAP password policies are active.\n"));
-
- *type = PWEXPIRE_LDAP_PASSWORD_POLICY;
- return EOK;
- }
-
 if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) {
 DEBUG(9, ("No password policy requested.\n"));
 return EOK;
-- cgit