r2819: Make 'password history'-behaviour in ldapsam more consistent.

Currently we cannot store more then 15 password history entries (windows
NT4 allows to store 24) in ldapsam. When choosing more then "15" with
pdbedit -P "password history", we fail to initialize the password
history upon password change and overwrite the history, effectively
using a password history of "1". We do already decrease any
history-policy larger then 15 to 15 while storing the password history
list attribute in ldap.

Guenther
(This used to be commit a4b47e71475a06c2e2287613b00648c5f53ae52c)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 751ec7e049cb06b4ee739e5ea1853a686a536ae1..02425810b368fa0454c8434bf1f207e32513fc9c 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -727,6 +727,9 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
                uint8 *pwhist = NULL;
                int i;
 
+               /* We can only store (sizeof(pstring)-1)/64 password history entries. */
+               pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+
                if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
                        DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
                        return False;