From c2ad06a75aa654123012f0c44244f55e7bdeec95 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Fri, 04 Aug 2006 15:52:01 +0000
Subject: [PATCH] Update the password policy state management code to take more information into account when determining whether users must change their passwords.  In particular, make sure that at least one of the "force change on add" and "force change on reset" features is enabled, and also make sure that users are allowed to change their passwords.

---
 opends/src/server/org/opends/server/core/PasswordPolicyState.java |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index d907102..f697a42 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -2249,6 +2249,19 @@
   {
     assert debugEnter(CLASS_NAME, "mustChangePassword");
 
+    // If the password policy doesn't use force change on add or force change on
+    // reset, or if it forbits the user from changing their password, then this
+    // must return false.
+    if (! passwordPolicy.allowUserPasswordChanges())
+    {
+      return false;
+    }
+    else if (! (passwordPolicy.forceChangeOnAdd() ||
+                passwordPolicy.forceChangeOnReset()))
+    {
+      return false;
+    }
+
     if ((mustChangePassword == null) ||
         (mustChangePassword == ConditionResult.UNDEFINED))
     {
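Review bot: The two guards added at the top of `mustChangePassword()` return false before the existing `mustChangePassword == null` / `UNDEFINED` check runs, so any must-change state the rest of the method would derive for this user is ignored once the policy disallows user password changes or has both force-change options off. That looks intended, but it means an administrator-assigned password stays usable with no forced change under such a policy, and the comment should say so, e.g. `// NOTE: a pending reset is deliberately not enforced when the user cannot change the password or neither force-change option is enabled.` The comment also has a typo ("forbits" should be "forbids"), and the `else if` after a `return` can be folded into one test: `if (! passwordPolicy.allowUserPasswordChanges() || ! (passwordPolicy.forceChangeOnAdd() || passwordPolicy.forceChangeOnReset()))`. The method's signature and the rest of its body are outside the hunk, so whether these early returns bypass later tracing or caching of the result cannot be confirmed from here.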

--
Gitblit v1.10.0