1 files changed, 14 insertions, 11 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
index ebefad615..99fc10405 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
@@ -850,12 +850,6 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
         }
     }
 
-    /* set Password Expiration date */
-    if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) {
-        LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n");
-        goto done;
-    }
-
     /* Don't set a last password change or expiration on host passwords. 
      * krbLastPwdChange is used to tell whether we have a valid keytab. If we
      * set it on userPassword it confuses enrollment. If krbPasswordExpiration
@@ -865,7 +859,20 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
      * ipapwd_setkeytab().
      */
     ipahost = slapi_value_new_string("ipaHost");
-    if (!pwdop->pwdata.target || (slapi_entry_attr_has_syntax_value(pwdop->pwdata.target, SLAPI_ATTR_OBJECTCLASS, ipahost)) == 0) {
+    if (!pwdop->pwdata.target ||
+        (slapi_entry_attr_has_syntax_value(pwdop->pwdata.target,
+                                           SLAPI_ATTR_OBJECTCLASS,
+                                           ipahost)) == 0) {
+
+        /* set Password Expiration date */
+        if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) {
+            LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n");
+            goto done;
+        }
+        strftime(timestr, GENERALIZED_TIME_LENGTH+1,
+                 "%Y%m%d%H%M%SZ", &utctime);
+        slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
+                              "krbPasswordExpiration", timestr);
         /* change Last Password Change field with the current date */
         if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) {
             LOG_FATAL("failed to parse current date (buggy gmtime_r ?)\n");
@@ -876,10 +883,6 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
                  "%Y%m%d%H%M%SZ", &utctime);
         slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
                               "krbLastPwdChange", timestr);
-        strftime(timestr, GENERALIZED_TIME_LENGTH+1,
-                 "%Y%m%d%H%M%SZ", &utctime);
-        slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-                              "krbPasswordExpiration", timestr);
     }
     slapi_value_free(&ipahost);