Updated for draft 09, allow MANAGE for operational attrs.

Howard Chu 2005-08-23 19:37:16 +00:00
parent 37f5c6aa0e
commit ef220ac1ef


@ -2,7 +2,7 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
* Copyright 2004-2005 The OpenLDAP Foundation. * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Howard Chu, Symas Corporation. * Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
* Portions Copyright 2004 Hewlett-Packard Company. * Portions Copyright 2004 Hewlett-Packard Company.
* All rights reserved. * All rights reserved.
* *
@ -23,7 +23,7 @@
#include "portable.h" #include "portable.h"
/* This file implements "Password Policy for LDAP Directories", /* This file implements "Password Policy for LDAP Directories",
* based on draft behera-ldap-password-policy-08 * based on draft behera-ldap-password-policy-09
*/ */
#ifdef SLAPD_OVER_PPOLICY #ifdef SLAPD_OVER_PPOLICY
@ -111,7 +111,7 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch " "EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch " "ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )", "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdChangedTime }, &ad_pwdChangedTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.17 " { "( 1.3.6.1.4.1.42.2.27.8.1.17 "
"NAME ( 'pwdAccountLockedTime' ) " "NAME ( 'pwdAccountLockedTime' ) "
@ -119,7 +119,7 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch " "EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch " "ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE USAGE directoryOperation )", "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdAccountLockedTime }, &ad_pwdAccountLockedTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.19 " { "( 1.3.6.1.4.1.42.2.27.8.1.19 "
"NAME ( 'pwdFailureTime' ) " "NAME ( 'pwdFailureTime' ) "
@ -127,21 +127,21 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch " "EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch " "ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"USAGE directoryOperation )", "NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdFailureTime }, &ad_pwdFailureTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.20 " { "( 1.3.6.1.4.1.42.2.27.8.1.20 "
"NAME ( 'pwdHistory' ) " "NAME ( 'pwdHistory' ) "
"DESC 'The history of users passwords' " "DESC 'The history of users passwords' "
"EQUALITY octetStringMatch " "EQUALITY octetStringMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
"USAGE directoryOperation NO-USER-MODIFICATION )", "NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdHistory }, &ad_pwdHistory },
{ "( 1.3.6.1.4.1.42.2.27.8.1.21 " { "( 1.3.6.1.4.1.42.2.27.8.1.21 "
"NAME ( 'pwdGraceUseTime' ) " "NAME ( 'pwdGraceUseTime' ) "
"DESC 'The timestamps of the grace login once the password has expired' " "DESC 'The timestamps of the grace login once the password has expired' "
"EQUALITY generalizedTimeMatch " "EQUALITY generalizedTimeMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"USAGE directoryOperation NO-USER-MODIFICATION )", "NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdGraceUseTime }, &ad_pwdGraceUseTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.22 " { "( 1.3.6.1.4.1.42.2.27.8.1.22 "
"NAME ( 'pwdReset' ) " "NAME ( 'pwdReset' ) "
@ -155,7 +155,7 @@ static struct schema_info {
"DESC 'The pwdPolicy subentry in effect for this object' " "DESC 'The pwdPolicy subentry in effect for this object' "
"EQUALITY distinguishedNameMatch " "EQUALITY distinguishedNameMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
"SINGLE-VALUE USAGE directoryOperation )", "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdPolicySubentry }, &ad_pwdPolicySubentry },
{ NULL, NULL } { NULL, NULL }
}; };
@ -1768,6 +1768,11 @@ int ppolicy_init()
scherr2str(code), err ); scherr2str(code), err );
return code; return code;
} }
/* Allow Manager to set these as needed */
if ( is_at_no_user_mod( (*pwd_OpSchema[i].ad)->ad_type )) {
(*pwd_OpSchema[i].ad)->ad_type->sat_flags |=
SLAP_AT_MANAGEABLE;
}
} }
code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST, code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,