[email protected] wrote: > Thanks. Applied a similar patch to cvs HEAD, after fixing a memory leak. > > Reproducing the bug: > > userPassword can exist without pwdChangedTime if you bypass > ppolicy: Use slapadd to add an entry with userPassword, or add > it to a subtree with no policy and then configure a policy. > > Then set up ppolicy and use ldapmodify to delete userPassword. > In that case the correct fix is to skip the pwdChangedTime attribute completely. The ppolicy spec says that entries without pwdChangedTime are not subject to password expiration at all.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
