diff options
| author | Pete Rowley <prowley@redhat.com> | 2007-02-27 02:57:30 +0000 |
|---|---|---|
| committer | Pete Rowley <prowley@redhat.com> | 2007-02-27 02:57:30 +0000 |
| commit | 1d09ab058e31cdcd26cd009fcc4d5c32cc77fb18 (patch) | |
| tree | 5504949e0add034f339005e42d719f3124c4108d /ldap/servers/slapd/pw_mgmt.c | |
| parent | 3dcb55f473152a3c49ed8903855cdab8a08a4bce (diff) | |
| download | ds-1d09ab058e31cdcd26cd009fcc4d5c32cc77fb18.tar.gz ds-1d09ab058e31cdcd26cd009fcc4d5c32cc77fb18.tar.xz ds-1d09ab058e31cdcd26cd009fcc4d5c32cc77fb18.zip | |
Add LDAPI
Diffstat (limited to 'ldap/servers/slapd/pw_mgmt.c')
| -rw-r--r-- | ldap/servers/slapd/pw_mgmt.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c index a383032c..20303f29 100644 --- a/ldap/servers/slapd/pw_mgmt.c +++ b/ldap/servers/slapd/pw_mgmt.c @@ -291,7 +291,7 @@ skip: /* check_account_lock is called before bind opeation; this could be a pre-op. */ int -check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req) { +check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only) { time_t unlock_time; time_t cur_time; @@ -312,8 +312,11 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre if ( bind_target_entry == NULL ) return -1; - dn = slapi_entry_get_ndn(bind_target_entry); - pwpolicy = new_passwdPolicy(pb, dn); + if(!account_inactivation_only) + { + dn = slapi_entry_get_ndn(bind_target_entry); + pwpolicy = new_passwdPolicy(pb, dn); + } /* kexcoff: account inactivation */ /* check if the entry is locked by nsAccountLock attribute - account inactivation feature */ @@ -334,11 +337,12 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre if ( (bvp != NULL) && (strcasecmp(bvp->bv_val, "true") == 0) ) { /* account inactivated */ - if (pwresponse_req) { + if (!account_inactivation_only && pwresponse_req) { slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_ACCTLOCKED ); } - send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL, + if(!account_inactivation_only) + send_ldap_result ( pb, LDAP_UNWILLING_TO_PERFORM, NULL, "Account inactivated. Contact system administrator.", 0, NULL ); slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags); @@ -354,7 +358,7 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre /* * Check if the password policy has to be checked or not */ - if ( pwpolicy->pw_lockout == 0 ) { + if ( account_inactivation_only || pwpolicy->pw_lockout == 0 ) { goto notlocked; } @@ -412,11 +416,13 @@ check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwre } notlocked: - /* account is not locked. */ - delete_passwdPolicy(&pwpolicy); + /* account is not locked. */ + if(!account_inactivation_only) + delete_passwdPolicy(&pwpolicy); return ( 0 ); locked: - delete_passwdPolicy(&pwpolicy); + if(!account_inactivation_only) + delete_passwdPolicy(&pwpolicy); return (1); } |