[Fedora-directory-devel] Please Review: (216522) password change extop doesn't respect local pwp

[Nathan Kinder]

https://bugzilla.redhat.com/show_bug.cgi?id=216522
Resolves: bug 216522
Bug Description: The global password policy was always being used for
  password changes made with the password modify extended operation,
  even if a local policy was defined for the user/subtree.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The password modify extended operation ends up using an
  internal modify operation to perform the actual change.  Unfortunately,
  we don't look for local password policies for internal operations.

  When choosing between the global and local password policies,
  we should always choose the local policy if one applies, regardless of the
  operation being internal or not.  This fix simply makes us check for local
  policies for internal operations.

  A change was needed with where we fetch the policy when we are returning a
  result.  We used to always fetch a policy, even though we only needed 
it when
  we were dealing with an error 49.  This was causing us to infinitely 
recurse
  with the above change for fetching local policies for internal 
operations.  The
  password policy code would perform an internal search for the local policy
  container, which would trigger the policy to be looked up again when 
we return
  the result for the internal operation.  Since we only need to fetch 
the policy
  at result time for an error 49, I changed the code to only fetch the 
policy in
  this case.  This case will never be true for an internal operation 
since we
  don't need to provide a bind DN or password.
Platforms tested: Fedora 9 i686
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=324353&action=diff