authorSumit Bose <sbose@redhat.com>2011-06-16 12:31:09 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-06-16 18:15:35 -0400
commita950b3f31ec88e40e40a28e0902baf92a6b57e03 (patch)
tree884836562c240b73dcbac0a48acbbb1828781c2a
parent1240496176a07e804c57d43926509d5ccbf0fc41 (diff)
Do not check pwdAttribute
It is not safe to check pwdAttribute to see if server-side password policies are active. Only if an LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present in the bind response can we assume that there is a server-side password policy.
-rw-r--r--src/providers/ldap/ldap_auth.c9
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index fd43c432..4f60525d 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -257,15 +257,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
return EINVAL;
}
- mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL);
- if (mark != NULL) {
- DEBUG(9, ("Found pwdAttribute, "
- "assuming LDAP password policies are active.\n"));
-
- *type = PWEXPIRE_LDAP_PASSWORD_POLICY;
- return EOK;
- }
-
if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) {
DEBUG(9, ("No password policy requested.\n"));
return EOK;