From 71c4f9723d2f7ffd8450f4ec28d39dda1e3e42a3 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Fri, 12 Mar 2010 15:06:44 +0100 Subject: Fixed check for expired passwords When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired". --- src/providers/ldap/sdap_async_connection.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 18e47d3b..fe8a5018 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -421,8 +421,10 @@ static void simple_bind_done(struct sdap_op *op, "error [%s].\n", pp_expire, pp_grace, ldap_passwordpolicy_err2txt(pp_error))); - if (state->result == LDAP_SUCCESS && - (pp_error == PP_changeAfterReset || pp_grace > 0)) { + if ((state->result == LDAP_SUCCESS && + (pp_error == PP_changeAfterReset || pp_grace > 0)) || + (state->result == LDAP_INVALID_CREDENTIALS && + pp_error == PP_passwordExpired ) ) { DEBUG(4, ("User must set a new password.\n")); state->result = LDAP_X_SSSD_PASSWORD_EXPIRED; } -- cgit