https://bugzilla.redhat.com/show_bug.cgi?id=216522
Resolves: bug 216522
Bug Description: The global password policy was always being used for
password changes made with the password modify extended operation,
even if a local policy was defined for the user/subtree.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The password modify extended operation ends up using an
internal modify operation to perform the actual change. Unfortunately,
we don't look for local password policies for internal operations.
When choosing between the global and local password policies,
we should always choose the local policy if one applies, regardless of the
operation being internal or not. This fix simply makes us check for local
policies for internal operations.
A change was needed with where we fetch the policy when we are returning a
result. We used to always fetch a policy, even though we only needed
it when
we were dealing with an error 49. This was causing us to infinitely
recurse
with the above change for fetching local policies for internal
operations. The
password policy code would perform an internal search for the local policy
container, which would trigger the policy to be looked up again when
we return
the result for the internal operation. Since we only need to fetch
the policy
at result time for an error 49, I changed the code to only fetch the
policy in
this case. This case will never be true for an internal operation
since we
don't need to provide a bind DN or password.
Platforms tested: Fedora 9 i686
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=324353&action=diff
--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
