diff options
author | Ralf Haferkamp <rhafer@suse.de> | 2010-03-12 15:06:44 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-03-15 08:15:28 -0400 |
commit | 71c4f9723d2f7ffd8450f4ec28d39dda1e3e42a3 (patch) | |
tree | d9671c5872489d739a034abb3e5e7bf4cc5a981c | |
parent | 066d9dd078fdd341318d8c8118d845c8c48253b8 (diff) | |
download | sssd-71c4f9723d2f7ffd8450f4ec28d39dda1e3e42a3.tar.gz sssd-71c4f9723d2f7ffd8450f4ec28d39dda1e3e42a3.tar.bz2 sssd-71c4f9723d2f7ffd8450f4ec28d39dda1e3e42a3.zip |
Fixed check for expired passwords
When the user's password is expired it might also be indicated by
the bind operation returning "INVALID_CREDENTIALS" with the ppolicy
control's errorcode set to "PP_passwordExpired".
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 18e47d3b..fe8a5018 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -421,8 +421,10 @@ static void simple_bind_done(struct sdap_op *op, "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error))); - if (state->result == LDAP_SUCCESS && - (pp_error == PP_changeAfterReset || pp_grace > 0)) { + if ((state->result == LDAP_SUCCESS && + (pp_error == PP_changeAfterReset || pp_grace > 0)) || + (state->result == LDAP_INVALID_CREDENTIALS && + pp_error == PP_passwordExpired ) ) { DEBUG(4, ("User must set a new password.\n")); state->result = LDAP_X_SSSD_PASSWORD_EXPIRED; } |