From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 17 May 2024 02:19:31 +0000 (+1200)
Subject: dsdb: Reduce minimum maxPwdAge from 1 day to nil
X-Git-Tag: samba-4.19.8~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e65a4281c139b7d07560aad8963653b1eb6c70ea;p=thirdparty%2Fsamba.git

dsdb: Reduce minimum maxPwdAge from 1 day to nil

This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 3669479f22f2109a64250ffabd1f6453882d29f1)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
---

diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 8c8bfa89dde..9ca96ac27de 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -786,13 +786,13 @@ static NTTIME get_msds_user_password_expiry_time_computed(struct ldb_module *mod
 	 *
 	 * Possible values are in the range of:
 	 *
-	 * maxPwdAge: -864000000001
+	 * maxPwdAge: -2
 	 * to
 	 * maxPwdAge: -9223372036854775808 (-0x8000000000000000ULL)
 	 *
 	 */
 	maxPwdAge = get_user_max_pwd_age(module, msg, parent, domain_dn);
-	if (maxPwdAge >= -864000000000) {
+	if (maxPwdAge >= -1) {
 		/*
 		 * This is not really possible...
 		 */