vals = ldap_get_values(conn->handle, entry, inst->userobj_access_attr);
if (vals) {
- if (inst->access_positive && (strncmp(vals[0], "false", 5) == 0)) {
- RDEBUG("\"%s\" attribute exists but is set to 'false' - user locked out");
- rcode = RLM_MODULE_USERLOCK;
+ if (inst->access_positive) {
+ if (strncmp(vals[0], "false", 5) == 0) {
+ RDEBUG("\"%s\" attribute exists but is set to 'false' - user locked out");
+ rcode = RLM_MODULE_USERLOCK;
+ }
+ /* RLM_MODULE_OK set above... */
} else {
RDEBUG("\"%s\" attribute exists - user locked out", inst->userobj_access_attr);
rcode = RLM_MODULE_USERLOCK;