https://fedorahosted.org/389/ticket/47351 https://fedorahosted.org/389/attachment/ticket/47351/0001-Ticket-47351-Passsync-loops-when-updating-password-o.patch Bug description: If a password of a user is updated/reset, whose account is disabled/inactivated on both AD and DS, the password update is endlessly repeated on AD and DS. Fix description: A method CanBind in syncserv is used to determine modify password is needed in the first round as well as to check the modification was successful in the second round. The following modification in SyncPassword invokes the server side's WinSync plugin to send the modify back, and SyncPassword is invoked as the second round. If the return code from CanBind is not LDAP_INVALID_ CREDENTIALS (e.g., LDAP_UNWILLING_TO_PERFORM for the inactivated account), the second round CanBind wound not return LDAP_SUCCESS even if the password is correctly updated. That's said, if Can- Bind returns any error other than LDAP_INVALID_CREDENTIALS, we should defer the password update. Note: Changes in passhook.cpp are all indentation fix. -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
