Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak. Reproducing the bug:
userPassword can exist without pwdChangedTime if you bypass ppolicy: Use slapadd to add an entry with userPassword, or add it to a subtree with no policy and then configure a policy. Then set up ppolicy and use ldapmodify to delete userPassword. -- Hallvard
