From: Ondřej Kuzník Date: Thu, 16 Sep 2021 09:36:20 +0000 (+0100) Subject: ITS#9671 Revert some NO-USER-MODIFICATION flags in ppolicy X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77dfb204c13c380508e8879dad6866bdf98d0374;p=thirdparty%2Fopenldap.git ITS#9671 Revert some NO-USER-MODIFICATION flags in ppolicy --- diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5 index 8bd068b4f1..8938994353 100644 --- a/doc/man/man5/slapo-ppolicy.5 +++ b/doc/man/man5/slapo-ppolicy.5 @@ -790,7 +790,6 @@ policy rules will be enforced. EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE\-VALUE - NO\-USER\-MODIFICATION USAGE directoryOperation) .RE @@ -835,7 +834,6 @@ password policy attribute is set to "TRUE". EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE\-VALUE - NO\-USER\-MODIFICATION USAGE directoryOperation) .RE @@ -991,7 +989,6 @@ applies. ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE\-VALUE - NO\-USER\-MODIFICATION USAGE directoryOperation ) .RE @@ -1010,7 +1007,6 @@ attribute does not exist, then this restriction does not apply. ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE\-VALUE - NO\-USER\-MODIFICATION USAGE directoryOperation ) .RE diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 56f638396d..7f6ecd03d0 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -161,7 +161,9 @@ static struct schema_info { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE " +#if 0 /* FIXME: ITS#9671 until we introduce a separate lockout flag? */ "NO-USER-MODIFICATION " +#endif "USAGE directoryOperation )", &ad_pwdAccountLockedTime }, { "( 1.3.6.1.4.1.42.2.27.8.1.19 " @@ -203,7 +205,9 @@ static struct schema_info { "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE " +#if 0 /* ITS#9671: until we implement ITS#9343 or similar */ "NO-USER-MODIFICATION " +#endif "USAGE directoryOperation )", &ad_pwdPolicySubentry }, { "( 1.3.6.1.4.1.42.2.27.8.1.27 " @@ -213,7 +217,6 @@ static struct schema_info { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE " - "NO-USER-MODIFICATION " "USAGE directoryOperation )", &ad_pwdStartTime }, { "( 1.3.6.1.4.1.42.2.27.8.1.28 " @@ -223,7 +226,6 @@ static struct schema_info { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE " - "NO-USER-MODIFICATION " "USAGE directoryOperation )", &ad_pwdEndTime }, /* Defined in schema_prep.c now diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy index 34ee630887..ad6a0f44cd 100755 --- a/tests/scripts/test022-ppolicy +++ b/tests/scripts/test022-ppolicy @@ -78,7 +78,7 @@ if test $RC = 0 ; then fi echo "Using ldapadd to populate the database..." -$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -e '!relax' \ +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD \ < $LDIFPPOLICY >> $TESTOUT 2>&1 RC=$? if test $RC != 0 ; then