ldap/servers/slapd/pw.c | 58 ++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 26 deletions(-)
New commits: commit dd90d19917594e5cad81f90b7a35f220c5230b96 Author: Noriko Hosoi nhosoi@redhat.com Date: Mon Jan 11 17:57:28 2016 -0800
Ticket #548 - RFE: Allow AD password sync to update shadowLastChange
Description: Commit 17f3624c19929ffa1d37a567b7a889fd397cca59 for the this ticket always replaced the shadow attributes before sending the entry back to the client. It is not just necessary but harmful since it could cause the conflicts among threads that return same entries.
https://fedorahosted.org/389/ticket/548
Reviewed by wibrown@redhat.com (Thank you, William!!)
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 69756f3..a6574ac 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -2879,41 +2879,47 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry *e) bvals[1] = NULL;
/* shadowMin - the minimum number of days required between password changes. */ - if (pwpolicy->pw_minage > 0) { - shadowval = pwpolicy->pw_minage / _SEC_PER_DAY; - } else { - shadowval = 0; + if (!slapi_entry_attr_exists(e, "shadowMin")) { + if (pwpolicy->pw_minage > 0) { + shadowval = pwpolicy->pw_minage / _SEC_PER_DAY; + } else { + shadowval = 0; + } + bv.bv_val = slapi_ch_smprintf("%ld", shadowval); + bv.bv_len = strlen(bv.bv_val); + slapi_entry_attr_merge(e, "shadowMin", bvals); + slapi_ch_free_string(&bv.bv_val); } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowMin", bvals); - slapi_ch_free_string(&bv.bv_val);
/* shadowMax - the maximum number of days for which the user password remains valid. */ - if (pwpolicy->pw_maxage > 0) { - shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY; - exptime = time_plus_sec(current_time(), pwpolicy->pw_maxage); - } else { - shadowval = 99999; + if (!slapi_entry_attr_exists(e, "shadowMax")) { + if (pwpolicy->pw_maxage > 0) { + shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY; + exptime = time_plus_sec(current_time(), pwpolicy->pw_maxage); + } else { + shadowval = 99999; + } + bv.bv_val = slapi_ch_smprintf("%ld", shadowval); + bv.bv_len = strlen(bv.bv_val); + slapi_entry_attr_replace(e, "shadowMax", bvals); + slapi_ch_free_string(&bv.bv_val); } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowMax", bvals); - slapi_ch_free_string(&bv.bv_val);
/* shadowWarning - the number of days of advance warning given to the user before the user password expires. */ - if (pwpolicy->pw_warning > 0) { - shadowval = pwpolicy->pw_warning / _SEC_PER_DAY; - } else { - shadowval = 0; + if (!slapi_entry_attr_exists(e, "shadowWarning")) { + if (pwpolicy->pw_warning > 0) { + shadowval = pwpolicy->pw_warning / _SEC_PER_DAY; + } else { + shadowval = 0; + } + bv.bv_val = slapi_ch_smprintf("%ld", shadowval); + bv.bv_len = strlen(bv.bv_val); + slapi_entry_attr_replace(e, "shadowWarning", bvals); + slapi_ch_free_string(&bv.bv_val); } - bv.bv_val = slapi_ch_smprintf("%ld", shadowval); - bv.bv_len = strlen(bv.bv_val); - slapi_entry_attr_replace(e, "shadowWarning", bvals); - slapi_ch_free_string(&bv.bv_val);
/* shadowExpire - the date on which the user login will be disabled. */ - if (exptime) { + if (exptime && !slapi_entry_attr_exists(e, "shadowExpire")) { exptime /= _SEC_PER_DAY; bv.bv_val = slapi_ch_smprintf("%ld", exptime); bv.bv_len = strlen(bv.bv_val);
389-commits@lists.fedoraproject.org
-
Noriko Hosoi