diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 4091ced8b9..4d99ad91db 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -365,6 +365,9 @@ ppolicy_get( Operation *op, Entry *e, PassPolicy *pp ) memset( pp, 0, sizeof(PassPolicy) ); + /* Users can change their own password by default */ + pp->pwdAllowUserChange = 1; + if ((a = attr_find( e->e_attrs, ad_pwdPolicySubentry )) == NULL) { /* * entry has no password policy assigned - use default @@ -1447,7 +1450,8 @@ ppolicy_modify( Operation *op, SlapReply *rs ) } } - if (delmod && (pa = attr_find( e->e_attrs, pp.ad )) != NULL) { + /* pa is used in password history check below, be sure it's set */ + if ((pa = attr_find( e->e_attrs, pp.ad )) != NULL && delmod) { /* * we have a password to check */