Resolves: 229513

Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND
Change: If password lockout is on, need_new_pw from the successful bind tries
to set passwordRetryCount to 0 in smods, but if passwordExpirationTime is not
set and password never expires, the smods is not applied and discarded.  Added
pw_apply_mods if password lockout is on.

1 files changed, 4 insertions, 2 deletions

diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 20303f29..98f824f1 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -95,12 +95,14 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
 			pw_exp_date = time_plus_sec ( cur_time, 
 				pwpolicy->pw_maxage );
 
-			timestring = format_genTime (pw_exp_date);			
+			timestring = format_genTime (pw_exp_date);
 			slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpirationTime", timestring);
 			slapi_ch_free((void **)&timestring);
 			slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpWarned", "0");
 			
 			pw_apply_mods(dn, &smods);
+		} else if (pwpolicy->pw_lockout == 1) {
+			pw_apply_mods(dn, &smods);
 		}
 		slapi_mods_done(&smods);
 		delete_passwdPolicy(&pwpolicy);
@@ -109,7 +111,7 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req )
 
 	pw_exp_date = parse_genTime(passwordExpirationTime);
 
-        slapi_ch_free((void**)&passwordExpirationTime);
+	slapi_ch_free((void**)&passwordExpirationTime);
 
 	/* Check if password has been reset */
 	if ( pw_exp_date == NO_TIME ) {