From a5efb21a53b8c890490c98229842a333a1158d2e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 4 Jun 2016 00:48:56 +0200
Subject: [PATCH] s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()

The logic in samdb_result_force_password_change() is incomplete and the correct logic is already available via the constructed "msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 source4/kdc/db-glue.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index af9fa268b32..963c64102d1 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -880,8 +880,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 } else {
 NTTIME must_change_time
- = samdb_result_force_password_change(kdc_db_ctx->samdb, mem_ctx,
- realm_dn, msg);
+ = samdb_result_nttime(msg,
+ "msDS-UserPasswordExpiryTimeComputed",
+ 0);
 if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) {
 entry_ex->entry.pw_end = NULL;
 } else {
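Review bot: The new `samdb_result_nttime(msg, "msDS-UserPasswordExpiryTimeComputed", 0)` call silently falls back to 0 when the attribute is absent from `msg`, and nothing in this patch (the diffstat covers only these lines of db-glue.c) shows the attribute being added to the attribute list of the search that produced `msg`. The commit message calls it a constructed attribute, so it is presumably returned only when requested explicitly; that should be confirmed, otherwise every principal takes the fallback. A value of 0 does not match the `0x7FFFFFFFFFFFFFFFULL` sentinel, so it reaches the `else` branch whose body lies outside the hunk and would presumably be converted into an expiry time far in the past, which fails closed but is worth stating. I would add a comment above the call such as `/* constructed attribute: must be listed in the search attrs; a missing value yields 0 and takes the expiry branch below */`. samba_kdc_message2entry starts and ends outside the hunk.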