external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 8afd9357 | patch | commit | ignore whitespace

Extracted method PasswordPolicyState.isLocked().

Jean-Noel Rouvignac

14.56.2015 7d8cef5c212813bf211a0c243bcfa7c45875152f

Extracted method PasswordPolicyState.isLocked().

PasswordPolicyState.java:
Extracted methods isLocked(), computeHighestTime() and newAttribute()

*.java:
Used PasswordPolicyState.isLocked().

6 files modified

	opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java	6 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java	6 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java	143 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/core/SearchOperationBasis.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java	5 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java	5 ●●●●● patch \| view \| raw \| blame \| history

 opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV1Control.java

@@ -304,11 +304,7 @@
    if (state.isPasswordPolicy())
    {
      PasswordPolicyState pwpState = (PasswordPolicyState) state;
      if (pwpState.isAccountExpired() ||
          pwpState.lockedDueToFailures() ||
          pwpState.lockedDueToIdleInterval() ||
          pwpState.lockedDueToMaximumResetAge() ||
          pwpState.isPasswordExpired())
      if (pwpState.isAccountExpired() || pwpState.isLocked() || pwpState.isPasswordExpired())
      {
        LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(authzDN);
        throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);

 opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java

@@ -308,11 +308,7 @@
    if (state.isPasswordPolicy())
    {
      PasswordPolicyState pwpState = (PasswordPolicyState) state;
      if (pwpState.isAccountExpired() ||
          pwpState.lockedDueToFailures() ||
          pwpState.lockedDueToIdleInterval() ||
          pwpState.lockedDueToMaximumResetAge() ||
          pwpState.isPasswordExpired())
      if (pwpState.isAccountExpired() || pwpState.isLocked() || pwpState.isPasswordExpired())
      {
        LocalizableMessage message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(userEntry.getName());
        throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);

 opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java

@@ -89,7 +89,6 @@
  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();



  /** The string representation of the user's DN. */
  private final String userDNString;

@@ -104,25 +103,19 @@

  /** Indicates whether the user's account is expired. */
  private ConditionResult isAccountExpired = ConditionResult.UNDEFINED;

  /** Indicates whether the user's password is expired. */
  private ConditionResult isPasswordExpired = ConditionResult.UNDEFINED;

  /** Indicates whether the warning to send to the client would be the first warning for the user. */
  private ConditionResult isFirstWarning = ConditionResult.UNDEFINED;

  /** Indicates whether the user's account is locked by the idle lockout. */
  private ConditionResult isIdleLocked = ConditionResult.UNDEFINED;

  /**
   * Indicates whether the user may use a grace login if the password is expired and there are one
   * or more grace logins remaining.
   */
  private ConditionResult mayUseGraceLogin = ConditionResult.UNDEFINED;

  /** Indicates whether the user's password must be changed. */
  private ConditionResult mustChangePassword = ConditionResult.UNDEFINED;

  /** Indicates whether the user should be warned of an upcoming expiration. */
  private ConditionResult shouldWarn = ConditionResult.UNDEFINED;

@@ -131,25 +124,19 @@

  /** The set of authentication failure times for this user. */
  private List<Long> authFailureTimes;

  /** The set of grace login times for this user. */
  private List<Long> graceLoginTimes;

  /** The time that the user's account should expire (or did expire). */
  private long accountExpirationTime = Long.MIN_VALUE;

  /** The time that the user's entry was locked due to too many authentication failures. */
  private long failureLockedTime = Long.MIN_VALUE;

  /** The time that the user last authenticated to the Directory Server. */
  private long lastLoginTime = Long.MIN_VALUE;

  /** The time that the user's password should expire (or did expire). */
  private long passwordExpirationTime = Long.MIN_VALUE;

  /** The last required change time with which the user complied. */
  private long requiredChangeTime = Long.MIN_VALUE;

  /** The time that the user was first warned about an upcoming expiration. */
  private long warnedTime = Long.MIN_VALUE;

@@ -298,7 +285,6 @@
  }


  /** {@inheritDoc} */
  @Override
  public PasswordPolicy getAuthenticationPolicy()
  {
@@ -711,9 +697,7 @@

      if (valuesToRemove != null)
      {
        AttributeBuilder builder = new AttributeBuilder(type);
        builder.addAll(valuesToRemove);
        Attribute a = builder.toAttribute();
        Attribute a = newAttribute(type, valuesToRemove);
        modifications.add(new Modification(ModificationType.DELETE, a, true));
      }
    }
@@ -746,21 +730,7 @@


    List<Long> failureTimes = getAuthFailureTimes();
    // Note: failureTimes == this.authFailureTimes
    long highestFailureTime = -1;
    for (Long l : failureTimes)
    {
      highestFailureTime = Math.max(l, highestFailureTime);
    }

    if (highestFailureTime >= currentTime)
    {
      highestFailureTime++;
    }
    else
    {
      highestFailureTime = currentTime;
    }
    long highestFailureTime = computeHighestTime(failureTimes);
    // Update the current policy state
    failureTimes.add(highestFailureTime);

@@ -806,7 +776,7 @@
    AttributeBuilder builder = new AttributeBuilder(type);
    long highestFailureTime = -1;

    for (Long l : authFailureTimes)
    for (long l : authFailureTimes)
    {
      highestFailureTime = Math.max(l, highestFailureTime);
      builder.add(GeneralizedTimeSyntax.format(l));
@@ -1471,7 +1441,15 @@
    return locked;
  }


  /**
   * Returns whether the account was locked for any reason.
   *
   * @return true if the account is locked, false otherwise
   */
  public boolean isLocked()
  {
    return lockedDueToIdleInterval() || lockedDueToMaximumResetAge() || lockedDueToFailures();
  }

  /**
   * Retrieves the time that the user's password should expire (if the expiration is in the future) or
@@ -2062,20 +2040,7 @@
    }

    List<Long> graceTimes = getGraceLoginTimes();
    long highestGraceTime = -1;
    for (Long l : graceTimes)
    {
      highestGraceTime = Math.max(l, highestGraceTime);
    }

    if (highestGraceTime >= currentTime)
    {
      highestGraceTime++;
    }
    else
    {
      highestGraceTime = currentTime;
    }
    long highestGraceTime = computeHighestTime(graceTimes);
    graceTimes.add(highestGraceTime); // graceTimes == this.graceLoginTimes

    AttributeType type = DirectoryServer.getAttributeTypeOrDefault(
@@ -2084,6 +2049,25 @@
    modifications.add(new Modification(ModificationType.ADD, addAttr, true));
  }

  private long computeHighestTime(List<Long> graceTimes)
  {
    long highestTime = -1;
    for (long l : graceTimes)
    {
      highestTime = Math.max(l, highestTime);
    }

    if (highestTime >= currentTime)
    {
      highestTime++;
    }
    else
    {
      highestTime = currentTime;
    }
    return highestTime;
  }



  /**
@@ -2109,7 +2093,7 @@

    AttributeType type = DirectoryServer.getAttributeTypeOrDefault(OP_ATTR_PWPOLICY_GRACE_LOGIN_TIME_LC);
    AttributeBuilder builder = new AttributeBuilder(type);
    for (Long l : graceLoginTimes)
    for (long l : graceLoginTimes)
    {
      builder.add(GeneralizedTimeSyntax.format(l));
    }
@@ -2210,7 +2194,6 @@



  /** {@inheritDoc} */
  @Override
  public boolean passwordMatches(ByteString password)
  {
@@ -2516,16 +2499,12 @@
      return;
    }

    AttributeBuilder builder = new AttributeBuilder(type);
    builder.addAll(removedValues);
    Attribute a = builder.toAttribute();
    Attribute a = newAttribute(type, removedValues);
    modifications.add(new Modification(ModificationType.DELETE, a, true));

    if (! addedValues.isEmpty())
    {
      builder = new AttributeBuilder(type);
      builder.addAll(addedValues);
      Attribute a2 = builder.toAttribute();
      Attribute a2 = newAttribute(type, addedValues);
      modifications.add(new Modification(ModificationType.ADD, a2, true));
    }

@@ -2607,14 +2586,11 @@
      while (iterator.hasNext())
      {
        long historyDate = iterator.next();
        if (historyDate < retainDate)
        {
          iterator.remove();
        }
        else
        if (historyDate >= retainDate)
        {
          break;
        }
        iterator.remove();
      }
    }

@@ -2686,7 +2662,6 @@
              if (logger.isTraceEnabled())
              {
                logger.traceException(e);

                logger.trace("Could not decode the timestamp in history value " + histStr + " -- " + e +
                    ".  Marking it for removal.");
              }
@@ -2767,11 +2742,7 @@
      if (logger.isTraceEnabled())
      {
        logger.traceException(e);

        if (logger.isTraceEnabled())
        {
          logger.trace("Returning false because of an exception:  " + stackTraceToSingleLineString(e));
        }
        logger.trace("Returning false because of an exception:  " + stackTraceToSingleLineString(e));
      }

      return false;
@@ -2906,9 +2877,7 @@

      if (! removeValues.isEmpty())
      {
        AttributeBuilder builder = new AttributeBuilder(historyType);
        builder.addAll(removeValues);
        removeAttrs.add(builder.toAttribute());
        removeAttrs.add(newAttribute(historyType, removeValues));
      }
    }

@@ -2923,28 +2892,24 @@
      while (iterator.hasNext())
      {
        long timestamp = iterator.next();
        if (timestamp < minAgeToKeep)
        {
          ByteString v = historyMap.get(timestamp);
          removeValues.add(v);
          iterator.remove();

          if (logger.isTraceEnabled())
          {
            logger.trace("Removing history value %s to preserve the history duration.", v);
          }
        }
        else
        if (timestamp >= minAgeToKeep)
        {
          break;
        }

        ByteString v = historyMap.get(timestamp);
        removeValues.add(v);
        iterator.remove();

        if (logger.isTraceEnabled())
        {
          logger.trace("Removing history value %s to preserve the history duration.", v);
        }
      }

      if (! removeValues.isEmpty())
      {
        AttributeBuilder builder = new AttributeBuilder(historyType);
        builder.addAll(removeValues);
        removeAttrs.add(builder.toAttribute());
        removeAttrs.add(newAttribute(historyType, removeValues));
      }
    }

@@ -2976,7 +2941,12 @@
    modifications.add(new Modification(ModificationType.ADD, newHistAttr, true));
  }


  private Attribute newAttribute(AttributeType type, LinkedHashSet<ByteString> values)
  {
    AttributeBuilder builder = new AttributeBuilder(type);
    builder.addAll(values);
    return builder.toAttribute();
  }

  /**
   * Retrieves the password history state values for the user.  This is only intended for testing purposes.
@@ -3095,7 +3065,6 @@



  /** {@inheritDoc} */
  @Override
  public void finalizeStateAfterBind()
         throws DirectoryException

 opendj-server-legacy/src/main/java/org/opends/server/core/SearchOperationBasis.java

@@ -559,9 +559,7 @@

          boolean isInactive = pwpState.isDisabled()
              || pwpState.isAccountExpired();
          boolean isLocked = pwpState.lockedDueToFailures()
              || pwpState.lockedDueToMaximumResetAge()
              || pwpState.lockedDueToIdleInterval();
          boolean isLocked = pwpState.isLocked();
          boolean isReset = pwpState.mustChangePassword();
          boolean isExpired = pwpState.isPasswordExpired();


 opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java

@@ -448,10 +448,7 @@
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_DISABLED.get());
        return;
      }
      else if (selfChange
          && (pwPolicyState.lockedDueToFailures()
              || pwPolicyState.lockedDueToIdleInterval()
              || pwPolicyState.lockedDueToMaximumResetAge()))
      else if (selfChange && pwPolicyState.isLocked())
      {
        if (pwPolicyRequested)
        {

 opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java

@@ -1650,10 +1650,7 @@
    }


    // See if the account was locked for any reason.
    wasLocked = pwPolicyState.lockedDueToIdleInterval() ||
                pwPolicyState.lockedDueToMaximumResetAge() ||
                pwPolicyState.lockedDueToFailures();
    wasLocked = pwPolicyState.isLocked();

    // Update the password policy state attributes in the user's entry.  If the
    // modification fails, then these changes won't be applied.

			@@ -304,11 +304,7 @@
			if (state.isPasswordPolicy())
			{
			PasswordPolicyState pwpState = (PasswordPolicyState) state;
			if (pwpState.isAccountExpired() \|\|
			pwpState.lockedDueToFailures() \|\|
			pwpState.lockedDueToIdleInterval() \|\|
			pwpState.lockedDueToMaximumResetAge() \|\|
			pwpState.isPasswordExpired())
			if (pwpState.isAccountExpired() \|\| pwpState.isLocked() \|\| pwpState.isPasswordExpired())
			{
			LocalizableMessage message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(authzDN);
			throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);

			@@ -308,11 +308,7 @@
			if (state.isPasswordPolicy())
			{
			PasswordPolicyState pwpState = (PasswordPolicyState) state;
			if (pwpState.isAccountExpired() \|\|
			pwpState.lockedDueToFailures() \|\|
			pwpState.lockedDueToIdleInterval() \|\|
			pwpState.lockedDueToMaximumResetAge() \|\|
			pwpState.isPasswordExpired())
			if (pwpState.isAccountExpired() \|\| pwpState.isLocked() \|\| pwpState.isPasswordExpired())
			{
			LocalizableMessage message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(userEntry.getName());
			throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);

			@@ -89,7 +89,6 @@
			private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();



			/** The string representation of the user's DN. */
			private final String userDNString;

			@@ -104,25 +103,19 @@

			/** Indicates whether the user's account is expired. */
			private ConditionResult isAccountExpired = ConditionResult.UNDEFINED;

			/** Indicates whether the user's password is expired. */
			private ConditionResult isPasswordExpired = ConditionResult.UNDEFINED;

			/** Indicates whether the warning to send to the client would be the first warning for the user. */
			private ConditionResult isFirstWarning = ConditionResult.UNDEFINED;

			/** Indicates whether the user's account is locked by the idle lockout. */
			private ConditionResult isIdleLocked = ConditionResult.UNDEFINED;

			/**
			* Indicates whether the user may use a grace login if the password is expired and there are one
			* or more grace logins remaining.
			*/
			private ConditionResult mayUseGraceLogin = ConditionResult.UNDEFINED;

			/** Indicates whether the user's password must be changed. */
			private ConditionResult mustChangePassword = ConditionResult.UNDEFINED;

			/** Indicates whether the user should be warned of an upcoming expiration. */
			private ConditionResult shouldWarn = ConditionResult.UNDEFINED;

			@@ -131,25 +124,19 @@

			/** The set of authentication failure times for this user. */
			private List<Long> authFailureTimes;

			/** The set of grace login times for this user. */
			private List<Long> graceLoginTimes;

			/** The time that the user's account should expire (or did expire). */
			private long accountExpirationTime = Long.MIN_VALUE;

			/** The time that the user's entry was locked due to too many authentication failures. */
			private long failureLockedTime = Long.MIN_VALUE;

			/** The time that the user last authenticated to the Directory Server. */
			private long lastLoginTime = Long.MIN_VALUE;

			/** The time that the user's password should expire (or did expire). */
			private long passwordExpirationTime = Long.MIN_VALUE;

			/** The last required change time with which the user complied. */
			private long requiredChangeTime = Long.MIN_VALUE;

			/** The time that the user was first warned about an upcoming expiration. */
			private long warnedTime = Long.MIN_VALUE;

			@@ -298,7 +285,6 @@
			}


			/** {@inheritDoc} */
			@Override
			public PasswordPolicy getAuthenticationPolicy()
			{
			@@ -711,9 +697,7 @@

			if (valuesToRemove != null)
			{
			AttributeBuilder builder = new AttributeBuilder(type);
			builder.addAll(valuesToRemove);
			Attribute a = builder.toAttribute();
			Attribute a = newAttribute(type, valuesToRemove);
			modifications.add(new Modification(ModificationType.DELETE, a, true));
			}
			}
			@@ -746,21 +730,7 @@


			List<Long> failureTimes = getAuthFailureTimes();
			// Note: failureTimes == this.authFailureTimes
			long highestFailureTime = -1;
			for (Long l : failureTimes)
			{
			highestFailureTime = Math.max(l, highestFailureTime);
			}

			if (highestFailureTime >= currentTime)
			{
			highestFailureTime++;
			}
			else
			{
			highestFailureTime = currentTime;
			}
			long highestFailureTime = computeHighestTime(failureTimes);
			// Update the current policy state
			failureTimes.add(highestFailureTime);

			@@ -806,7 +776,7 @@
			AttributeBuilder builder = new AttributeBuilder(type);
			long highestFailureTime = -1;

			for (Long l : authFailureTimes)
			for (long l : authFailureTimes)
			{
			highestFailureTime = Math.max(l, highestFailureTime);
			builder.add(GeneralizedTimeSyntax.format(l));
			@@ -1471,7 +1441,15 @@
			return locked;
			}


			/**
			* Returns whether the account was locked for any reason.
			*
			* @return true if the account is locked, false otherwise
			*/
			public boolean isLocked()
			{
			return lockedDueToIdleInterval() \|\| lockedDueToMaximumResetAge() \|\| lockedDueToFailures();
			}

			/**
			* Retrieves the time that the user's password should expire (if the expiration is in the future) or
			@@ -2062,20 +2040,7 @@
			}

			List<Long> graceTimes = getGraceLoginTimes();
			long highestGraceTime = -1;
			for (Long l : graceTimes)
			{
			highestGraceTime = Math.max(l, highestGraceTime);
			}

			if (highestGraceTime >= currentTime)
			{
			highestGraceTime++;
			}
			else
			{
			highestGraceTime = currentTime;
			}
			long highestGraceTime = computeHighestTime(graceTimes);
			graceTimes.add(highestGraceTime); // graceTimes == this.graceLoginTimes

			AttributeType type = DirectoryServer.getAttributeTypeOrDefault(
			@@ -2084,6 +2049,25 @@
			modifications.add(new Modification(ModificationType.ADD, addAttr, true));
			}

			private long computeHighestTime(List<Long> graceTimes)
			{
			long highestTime = -1;
			for (long l : graceTimes)
			{
			highestTime = Math.max(l, highestTime);
			}

			if (highestTime >= currentTime)
			{
			highestTime++;
			}
			else
			{
			highestTime = currentTime;
			}
			return highestTime;
			}



			/**
			@@ -2109,7 +2093,7 @@

			AttributeType type = DirectoryServer.getAttributeTypeOrDefault(OP_ATTR_PWPOLICY_GRACE_LOGIN_TIME_LC);
			AttributeBuilder builder = new AttributeBuilder(type);
			for (Long l : graceLoginTimes)
			for (long l : graceLoginTimes)
			{
			builder.add(GeneralizedTimeSyntax.format(l));
			}
			@@ -2210,7 +2194,6 @@



			/** {@inheritDoc} */
			@Override
			public boolean passwordMatches(ByteString password)
			{
			@@ -2516,16 +2499,12 @@
			return;
			}

			AttributeBuilder builder = new AttributeBuilder(type);
			builder.addAll(removedValues);
			Attribute a = builder.toAttribute();
			Attribute a = newAttribute(type, removedValues);
			modifications.add(new Modification(ModificationType.DELETE, a, true));

			if (! addedValues.isEmpty())
			{
			builder = new AttributeBuilder(type);
			builder.addAll(addedValues);
			Attribute a2 = builder.toAttribute();
			Attribute a2 = newAttribute(type, addedValues);
			modifications.add(new Modification(ModificationType.ADD, a2, true));
			}

			@@ -2607,14 +2586,11 @@
			while (iterator.hasNext())
			{
			long historyDate = iterator.next();
			if (historyDate < retainDate)
			{
			iterator.remove();
			}
			else
			if (historyDate >= retainDate)
			{
			break;
			}
			iterator.remove();
			}
			}

			@@ -2686,7 +2662,6 @@
			if (logger.isTraceEnabled())
			{
			logger.traceException(e);

			logger.trace("Could not decode the timestamp in history value " + histStr + " -- " + e +
			". Marking it for removal.");
			}
			@@ -2767,11 +2742,7 @@
			if (logger.isTraceEnabled())
			{
			logger.traceException(e);

			if (logger.isTraceEnabled())
			{
			logger.trace("Returning false because of an exception: " + stackTraceToSingleLineString(e));
			}
			logger.trace("Returning false because of an exception: " + stackTraceToSingleLineString(e));
			}

			return false;
			@@ -2906,9 +2877,7 @@

			if (! removeValues.isEmpty())
			{
			AttributeBuilder builder = new AttributeBuilder(historyType);
			builder.addAll(removeValues);
			removeAttrs.add(builder.toAttribute());
			removeAttrs.add(newAttribute(historyType, removeValues));
			}
			}

			@@ -2923,28 +2892,24 @@
			while (iterator.hasNext())
			{
			long timestamp = iterator.next();
			if (timestamp < minAgeToKeep)
			{
			ByteString v = historyMap.get(timestamp);
			removeValues.add(v);
			iterator.remove();

			if (logger.isTraceEnabled())
			{
			logger.trace("Removing history value %s to preserve the history duration.", v);
			}
			}
			else
			if (timestamp >= minAgeToKeep)
			{
			break;
			}

			ByteString v = historyMap.get(timestamp);
			removeValues.add(v);
			iterator.remove();

			if (logger.isTraceEnabled())
			{
			logger.trace("Removing history value %s to preserve the history duration.", v);
			}
			}

			if (! removeValues.isEmpty())
			{
			AttributeBuilder builder = new AttributeBuilder(historyType);
			builder.addAll(removeValues);
			removeAttrs.add(builder.toAttribute());
			removeAttrs.add(newAttribute(historyType, removeValues));
			}
			}

			@@ -2976,7 +2941,12 @@
			modifications.add(new Modification(ModificationType.ADD, newHistAttr, true));
			}


			private Attribute newAttribute(AttributeType type, LinkedHashSet<ByteString> values)
			{
			AttributeBuilder builder = new AttributeBuilder(type);
			builder.addAll(values);
			return builder.toAttribute();
			}

			/**
			* Retrieves the password history state values for the user. This is only intended for testing purposes.
			@@ -3095,7 +3065,6 @@



			/** {@inheritDoc} */
			@Override
			public void finalizeStateAfterBind()
			throws DirectoryException

			@@ -559,9 +559,7 @@

			boolean isInactive = pwpState.isDisabled()
			\|\| pwpState.isAccountExpired();
			boolean isLocked = pwpState.lockedDueToFailures()
			\|\| pwpState.lockedDueToMaximumResetAge()
			\|\| pwpState.lockedDueToIdleInterval();
			boolean isLocked = pwpState.isLocked();
			boolean isReset = pwpState.mustChangePassword();
			boolean isExpired = pwpState.isPasswordExpired();

			@@ -448,10 +448,7 @@
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_DISABLED.get());
			return;
			}
			else if (selfChange
			&& (pwPolicyState.lockedDueToFailures()
			\|\| pwPolicyState.lockedDueToIdleInterval()
			\|\| pwPolicyState.lockedDueToMaximumResetAge()))
			else if (selfChange && pwPolicyState.isLocked())
			{
			if (pwPolicyRequested)
			{

			@@ -1650,10 +1650,7 @@
			}


			// See if the account was locked for any reason.
			wasLocked = pwPolicyState.lockedDueToIdleInterval() \|\|
			pwPolicyState.lockedDueToMaximumResetAge() \|\|
			pwPolicyState.lockedDueToFailures();
			wasLocked = pwPolicyState.isLocked();

			// Update the password policy state attributes in the user's entry. If the
			// modification fails, then these changes won't be applied.