ITS#9671 Revert some NO-USER-MODIFICATION flags in ppolicy

diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 8bd068b4f136371b7b009b65bf5e3a2945c96263..893899435319fd7b992d438a48b7ae1f4898d246 100644 (file)
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -790,7 +790,6 @@ policy rules will be enforced.
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
    SINGLE\-VALUE
-   NO\-USER\-MODIFICATION
    USAGE directoryOperation)
 .RE
 
@@ -835,7 +834,6 @@ password policy attribute is set to "TRUE".
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SINGLE\-VALUE
-   NO\-USER\-MODIFICATION
    USAGE directoryOperation)
 .RE
 
@@ -991,7 +989,6 @@ applies.
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE\-VALUE
-   NO\-USER\-MODIFICATION
    USAGE directoryOperation )
 .RE
 
@@ -1010,7 +1007,6 @@ attribute does not exist, then this restriction does not apply.
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE\-VALUE
-   NO\-USER\-MODIFICATION
    USAGE directoryOperation )
 .RE
 

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 56f638396d08ffcd0e4624d9b914c8a2797a19c0..7f6ecd03d047d81ba80aff1de2c0a86c1f8eec12 100644 (file)
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -161,7 +161,9 @@ static struct schema_info {
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
                "SINGLE-VALUE "
+#if 0 /* FIXME: ITS#9671 until we introduce a separate lockout flag? */
                "NO-USER-MODIFICATION "
+#endif
                "USAGE directoryOperation )",
                &ad_pwdAccountLockedTime },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.19 "
@@ -203,7 +205,9 @@ static struct schema_info {
                "EQUALITY distinguishedNameMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
                "SINGLE-VALUE "
+#if 0 /* ITS#9671: until we implement ITS#9343 or similar */
                "NO-USER-MODIFICATION "
+#endif
                "USAGE directoryOperation )",
                &ad_pwdPolicySubentry },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.27 "
@@ -213,7 +217,6 @@ static struct schema_info {
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
                "SINGLE-VALUE "
-               "NO-USER-MODIFICATION "
                "USAGE directoryOperation )",
                &ad_pwdStartTime },
        {       "( 1.3.6.1.4.1.42.2.27.8.1.28 "
@@ -223,7 +226,6 @@ static struct schema_info {
                "ORDERING generalizedTimeOrderingMatch "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
                "SINGLE-VALUE "
-               "NO-USER-MODIFICATION "
                "USAGE directoryOperation )",
                &ad_pwdEndTime },
        /* Defined in schema_prep.c now

diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy
index 34ee6308871c8acc3a15f0494280cc6e2208b45a..ad6a0f44cd471570b3d792f58c6ac76151585a9d 100755 (executable)
--- a/tests/scripts/test022-ppolicy
+++ b/tests/scripts/test022-ppolicy
@@ -78,7 +78,7 @@ if test $RC = 0 ; then
 fi
 
 echo "Using ldapadd to populate the database..."
-$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -e '!relax' \
+$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD \
        < $LDIFPPOLICY >> $TESTOUT 2>&1
 RC=$?
 if test $RC != 0 ; then