From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Wed, 3 Jun 2020 10:09:34 +0000 (+0100)
Subject: ITS#7788 Allow pwdFailureTime tracking be disabled in policy
X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~31^2~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a030aacc39dac71ba4005e6443b271d671fc72ab;p=thirdparty%2Fopenldap.git

ITS#7788 Allow pwdFailureTime tracking be disabled in policy
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 88039249fe..f3bed2dac5 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -759,8 +759,6 @@ ppolicy_get_default( PassPolicy *pp )
 
 	/* Users can change their own password by default */
 	pp->pwdAllowUserChange = 1;
-	if ( !pp->pwdMaxRecordedFailure )
-		pp->pwdMaxRecordedFailure = PPOLICY_DEFAULT_MAXRECORDED_FAILURE;
 }
 
 
@@ -907,7 +905,7 @@ ppolicy_get( Operation *op, Entry *e, PassPolicy *pp )
 
 	if ( pp->pwdMaxRecordedFailure < pp->pwdMaxFailure )
 		pp->pwdMaxRecordedFailure = pp->pwdMaxFailure;
-	if ( !pp->pwdMaxRecordedFailure )
+	if ( !pp->pwdMaxRecordedFailure && pp->pwdMinDelay )
 		pp->pwdMaxRecordedFailure = PPOLICY_DEFAULT_MAXRECORDED_FAILURE;
 
 	if ( pp->pwdMinDelay && !pp->pwdMaxDelay ) {
@@ -1349,7 +1347,7 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
 	snprintf( timestamp_usec.bv_val + timestamp_usec.bv_len-1, sizeof(".123456Z"), ".%06dZ", now_usec.tt_usec );
 	timestamp_usec.bv_len += STRLENOF(".123456");
 
-	if ( rs->sr_err == LDAP_INVALID_CREDENTIALS ) {
+	if ( rs->sr_err == LDAP_INVALID_CREDENTIALS && ppb->pp.pwdMaxRecordedFailure ) {
 		int i = 0;
 
 		m = ch_calloc( sizeof(Modifications), 1 );