From 37449e509f4a4253bacea57adf6c1d860eaaf1bb Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Fri, 2 Aug 2019 12:07:07 -0400 Subject: [PATCH] Issue 50529 - LDAP server returning PWP controls in different sequence Description: The server returns password policy controls in different orders depending on the state of grace logins. The requested control, if any, should be returned first, followed by any controls the server might add. relates: https://pagure.io/389-ds-base/issue/50529 Reviewed by: mreynolds (one line commit rule) --- ldap/servers/slapd/pw_mgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c index befac50cd..ca76fc12f 100644 --- a/ldap/servers/slapd/pw_mgmt.c +++ b/ldap/servers/slapd/pw_mgmt.c @@ -207,10 +207,10 @@ skip: /* password expired and user exceeded limit of grace attemps. * Send result and also the control */ - slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); if (pwresponse_req) { slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED); } + slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "password expired!", 0, NULL); -- 2.21.1