From 606b7b6a45f6e2014119d0716774323f30862e0c Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Fri, 2 Aug 2019 12:07:07 -0400
Subject: [PATCH] Issue 50529 - LDAP server returning PWP controls in different sequence
Description: The server returns password policy controls in different orders depending on the state of grace logins. The requested control, if any, should be returned first, followed by any controls the server might add.
relates: https://pagure.io/389-ds-base/issue/50529
Reviewed by: mreynolds (one line commit rule)
---
 ldap/servers/slapd/pw_mgmt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index befac50cd..ca76fc12f 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -207,10 +207,10 @@ skip:
 /* password expired and user exceeded limit of grace attemps.
 * Send result and also the control */
- slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
 if (pwresponse_req) {
 slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
 }
+ slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
 slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "password expired!", 0, NULL);
-- 2.21.0
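Review bot: The call order in this expired-password branch now carries meaning but is undocumented: nothing near `if (pwresponse_req)` says that the requested password-policy response control must be queued before `slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);`, so a later tidy-up could swap the two calls back unnoticed. I would add a comment above the `if`, for example `/* Order matters: the requested pwpolicy response control is added first, then the server-added PWEXPIRED control. */`. The commit message says the order varied with the grace-login state, yet only this one branch is touched and the rest of the function lies outside the hunk, so it is worth confirming that any other path emitting both controls uses the same order. Because LDAP clients may key on control position when deciding that a password has expired, a bind test asserting the control sequence would keep this from regressing.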