diff options
| author | Sumit Bose <sbose@redhat.com> | 2011-06-16 12:31:09 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-16 18:15:35 -0400 |
| commit | a950b3f31ec88e40e40a28e0902baf92a6b57e03 (patch) | |
| tree | 884836562c240b73dcbac0a48acbbb1828781c2a | |
| parent | 1240496176a07e804c57d43926509d5ccbf0fc41 (diff) | |
| download | sssd-a950b3f31ec88e40e40a28e0902baf92a6b57e03.tar.gz sssd-a950b3f31ec88e40e40a28e0902baf92a6b57e03.tar.bz2 sssd-a950b3f31ec88e40e40a28e0902baf92a6b57e03.zip | |
Do not check pwdAttribute
It is not safe to check pwdAttribute to see if server side password
policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is
present the bind response we can assume that there is a server side
password policy.
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index fd43c432..4f60525d 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -257,15 +257,6 @@ static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx, return EINVAL; } - mark = ldb_msg_find_attr_as_string(msg, SYSDB_PWD_ATTRIBUTE, NULL); - if (mark != NULL) { - DEBUG(9, ("Found pwdAttribute, " - "assuming LDAP password policies are active.\n")); - - *type = PWEXPIRE_LDAP_PASSWORD_POLICY; - return EOK; - } - if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) { DEBUG(9, ("No password policy requested.\n")); return EOK; |