s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 72bf537ef66c1fcc490282cc17592835b5219881..40bbf496a2f5cc26e3455756e883dc0b6fc9661c 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2317,7 +2317,13 @@ static int setup_io(struct ph_context *ac,
 
        io->u.userAccountControl        = ldb_msg_find_attr_as_uint(info_msg,
                                                                    "userAccountControl", 0);
-       io->u.pwdLastSet                = samdb_result_nttime(info_msg, "pwdLastSet", 0);
+       if (info_msg == existing_msg) {
+               /*
+                * We only take pwdLastSet from the existing object
+                * otherwise we leave it as 0.
+                */
+               io->u.pwdLastSet = samdb_result_nttime(info_msg, "pwdLastSet", 0);
+       }
        io->u.sAMAccountName            = ldb_msg_find_attr_as_string(info_msg,
                                                                      "sAMAccountName", NULL);
        io->u.user_principal_name       = ldb_msg_find_attr_as_string(info_msg,