From 591624adc1b6a24fc0f6293cbd4e1122df816ac3 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Mon, 26 Jan 2009 13:11:18 +0000
Subject: [PATCH] Fix issue 3750 - Forcing a password change after admin reset causes unexpected behavior.

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java |   22 +++++++++++++---------
 1 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index dc83bc6..82d0f6e 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2008 Sun Microsystems, Inc.
+ *      Copyright 2008-2009 Sun Microsystems, Inc.
  */
 package org.opends.server.workflowelement.localbackend;
 
@@ -282,6 +282,7 @@
    * @throws  DirectoryException  If an unexpected problem occurs while applying
    *                              the modification to the entry.
    */
+  @Override
   public void addModification(Modification modification)
     throws DirectoryException
   {
@@ -529,15 +530,18 @@
         }
 
 
-        if ((! passwordChanged) && (! isInternalOperation()) &&
-            pwPolicyState.mustChangePassword())
+        DN authzDN = getAuthorizationDN();
+        if ((!passwordChanged) && (!isInternalOperation())
+            && pwPolicyState.mustChangePassword())
         {
-          // The user will not be allowed to do anything else before the
-          // password gets changed.
-          pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
-          setResultCode(ResultCode.UNWILLING_TO_PERFORM);
-          appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD.get());
-          break modifyProcessing;
+          if (authzDN != null && authzDN.equals(entryDN))
+          {
+            // The user did not attempt to change their password.
+            pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
+            setResultCode(ResultCode.UNWILLING_TO_PERFORM);
+            appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD.get());
+            break modifyProcessing;
+          }
         }
 
 

--
Gitblit v1.10.0