From 3669479f22f2109a64250ffabd1f6453882d29f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 17 May 2024 14:19:31 +1200
Subject: [PATCH] dsdb: Reduce minimum maxPwdAge from 1 day to nil

This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
---
 source4/dsdb/samdb/ldb_modules/operational.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index eac9182256f..867bc4fff95 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -780,13 +780,13 @@ static NTTIME get_msds_user_password_expiry_time_computed(struct ldb_module *mod
 	 *
 	 * Possible values are in the range of:
 	 *
-	 * maxPwdAge: -864000000001
+	 * maxPwdAge: -2
 	 * to
 	 * maxPwdAge: -9223372036854775808 (INT64_MIN)
 	 *
 	 */
 	maxPwdAge = get_user_max_pwd_age(module, msg, parent, domain_dn);
-	if (maxPwdAge >= -864000000000) {
+	if (maxPwdAge >= -1) {
 		/*
 		 * This is not really possible...
 		 */
-- 
2.47.3