From f6e1acdefc97aa0f808b622c6f6a3dc0a683d457 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Mon, 15 Apr 2019 11:23:46 -0400 Subject: [PATCH] Ticket 50053 - Subtree password policy overrides a user-defined password policy Bug Description: When an entry contains an attribute that is also defined by a cos definition a specifier defines which values win: the real values that are in the entry or the virtual values that are cos defined. The specifier 'default' means that the real values are the winners (returned). 'operational-default' has the same behavior but just specify that the attribute is operational. The bug is that when real values exists, the 'operational-default' specifier drops the real values in favor of the virtual ones. Fix Description: Change the test, so that real values are not kept for 'operation-default' Note: the full routine cos_cache_query_attr looks quite messy and error prone It would be nice to rewrite it when we have time https://pagure.io/389-ds-base/issue/50053 --- ldap/servers/plugins/cos/cos_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c index 5e0cf1725..64c0441c4 100644 --- a/ldap/servers/plugins/cos/cos_cache.c +++ b/ldap/servers/plugins/cos/cos_cache.c @@ -2279,7 +2279,7 @@ cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context, Slapi_Entry * /* now for the tests */ /* would we be allowed to supply this attribute if we had one? */ - if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational && !pAttr->attr_operational_default) { + if (entry_has_value && !pAttr->attr_override && !pAttr->attr_operational) { /* answer: no, move on to the next attribute */ attr_index++; continue; -- 2.17.2