Blame SOURCES/0043-Issue-50529-LDAP-server-returning-PWP-controls-in-di.patch

47a30d
From 37449e509f4a4253bacea57adf6c1d860eaaf1bb Mon Sep 17 00:00:00 2001
47a30d
From: Mark Reynolds <mreynolds@redhat.com>
47a30d
Date: Fri, 2 Aug 2019 12:07:07 -0400
47a30d
Subject: [PATCH] Issue 50529 -  LDAP server returning PWP controls in
47a30d
 different sequence
47a30d
47a30d
Description:  The server returns password policy controls in different orders
47a30d
              depending on the state of grace logins.  The requested control,
47a30d
              if any, should be returned first, followed by any controls the
47a30d
              server might add.
47a30d
47a30d
relates: https://pagure.io/389-ds-base/issue/50529
47a30d
47a30d
Reviewed by: mreynolds (one line commit rule)
47a30d
---
47a30d
 ldap/servers/slapd/pw_mgmt.c | 2 +-
47a30d
 1 file changed, 1 insertion(+), 1 deletion(-)
47a30d
47a30d
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
47a30d
index befac50cd..ca76fc12f 100644
47a30d
--- a/ldap/servers/slapd/pw_mgmt.c
47a30d
+++ b/ldap/servers/slapd/pw_mgmt.c
47a30d
@@ -207,10 +207,10 @@ skip:
47a30d
 
47a30d
         /* password expired and user exceeded limit of grace attemps.
47a30d
          * Send result and also the control */
47a30d
-        slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
47a30d
         if (pwresponse_req) {
47a30d
             slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
47a30d
         }
47a30d
+        slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
47a30d
         slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
47a30d
                                "password expired!", 0, NULL);
47a30d
 
47a30d
-- 
47a30d
2.21.1
47a30d