From 1087a64b461358888ac50d47fde7f9be71449481 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 20 Oct 2016 12:38:49 -0400
Subject: [PATCH 53/55] Ticket 49014 - ns-accountstatus.pl shows wrong status
for accounts inactivated by Account policy plugin
Bug Description: ns-accountstatus.pl shows wrong status for accounts inactivated
by inactivity. If there is no acct policy subentry the wrong
basedn was used to get the inactivity limit. This prevented the
script from detecting if an account was inactivated due to inactivity.
Fix Description: If there is no subentry, then use the existing config entry
to get the inactivity limit.
https://fedorahosted.org/389/ticket/49014
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 2e494bc7e5e73f97e8a425b22706418ff8879336)
(cherry picked from commit 1c6b1c99b576e7b9ffdc217d20737e216ec40a24)
---
ldap/admin/src/scripts/ns-accountstatus.pl.in | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ldap/admin/src/scripts/ns-accountstatus.pl.in b/ldap/admin/src/scripts/ns-accountstatus.pl.in
index 37fc7fa..a20d2df 100644
--- a/ldap/admin/src/scripts/ns-accountstatus.pl.in
+++ b/ldap/admin/src/scripts/ns-accountstatus.pl.in
@@ -474,7 +474,7 @@ sub getAcctPolicy
close(LDAP1);
#
- # Now, get the DN for the cos template from the entry
+ # Now, get the DN for the account policy subEntry from the entry (if available)
#
$srch{base} = $entry;
$srch{filter} = "(objectclass=*)";
@@ -486,14 +486,19 @@ sub getAcctPolicy
s/\n //g;
if (/^$cosspecattr: (.*)/i){
$templateDN = $1;
+ break;
}
}
close(LDAP1);
#
- # Get the inactivity limit from the template]
+ # Get the inactivity limit
#
- $srch{base} = $templateDN;
+ $srch{base} = $configentry;
+ if ($templateDN){
+ # Use subEntry DN
+ $srch{base} = $templateDN;
+ }
$srch{filter} = "($limitattr=*)";
$srch{scope} = "base";
$srch{attrs} = "$limitattr";
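Review bot: The added `break;` inside the `if (/^$cosspecattr: (.*)/i)` branch is not a Perl loop-control statement; `break` only exists under `use feature 'switch'` for `given`/`when`. Depending on whether the script runs under `use strict` (not visible here), the line either fails to compile as a disallowed bareword or is silently a no-op, so the loop keeps reading and a later matching line can overwrite `$templateDN`. Use `last;` to stop at the first match. The enclosing loop and the rest of `getAcctPolicy` lie outside the hunk, so please also confirm that `$templateDN` is reset before this loop; a stale value would make the new `if ($templateDN)` fallback choose the wrong search base, and the script would again misreport whether an account is inactivated.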
--
2.4.11