diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 000904c95bf..7098223be34 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -2057,7 +2057,7 @@ class auth_plugin_ldap extends auth_plugin_base { $entry = ldap_get_entries_moodle($ldapconn, $sr); $info = array_change_key_case($entry[0], CASE_LOWER); $maxpwdage = $info['maxpwdage'][0]; - if ($sr = ldap_read($ldapconn, $user_dn, '(objectClass=*)', array('msDS-ResultantPSO', 'msDS-MaximumPasswordAge'))) { + if ($sr = ldap_read($ldapconn, $user_dn, '(objectClass=*)', array('msDS-ResultantPSO'))) { if ($entry = ldap_get_entries_moodle($ldapconn, $sr)) { $info = array_change_key_case($entry[0], CASE_LOWER); $userpso = $info['msds-resultantpso'][0]; @@ -2065,8 +2065,10 @@ class auth_plugin_ldap extends auth_plugin_base { // If a PSO exists, FGPP is being utilized. // Grab the new maxpwdage from the msDS-MaximumPasswordAge attribute of the PSO. if (!empty($userpso)) { + $sr = ldap_read($ldapconn, $userpso, '(objectClass=*)', array('msDS-MaximumPasswordAge')); if ($entry = ldap_get_entries_moodle($ldapconn, $sr)) { $info = array_change_key_case($entry[0], CASE_LOWER); + // Default value of msds-maximumpasswordage is 42 and is always set. $maxpwdage = $info['msds-maximumpasswordage'][0]; } }