From b3a00ec524976042e097c32f349e1281216b44d9 Mon Sep 17 00:00:00 2001
From: Yannick Lecaillez <yannick.lecaillez@forgerock.com>
Date: Tue, 26 May 2015 09:24:48 +0000
Subject: [PATCH] OPENDJ-1917: User can search using resetted password when force-change-on-reset is enabled.

---
 opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
index 78d4d22..05f75c4 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
@@ -775,7 +775,7 @@
       // If the password was changed by an end user, then clear any reset flag that might exist.
       // If the password was changed by an administrator, then see if we need to set the reset flag.
       pwPolicyState.setMustChangePassword(
-          selfChange && pwPolicyState.getAuthenticationPolicy().isForceChangeOnReset());
+          !selfChange && pwPolicyState.getAuthenticationPolicy().isForceChangeOnReset());
 
       // Clear any record of grace logins, auth failures, and expiration warnings.
       pwPolicyState.clearFailureLockout();

--
Gitblit v1.10.0