diff options
author | Sumit Bose <sbose@redhat.com> | 2009-11-16 13:56:57 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-23 12:46:29 -0500 |
commit | be1697216fc62578c00606458b0ff390c575ef67 (patch) | |
tree | 7b4226269267824c1eb68a1555d0266dfa9fbf00 /server/providers/ldap/ldap_common.c | |
parent | e115c25af2df3549fb44b260e516d8c93d2adc8a (diff) | |
download | sssd-be1697216fc62578c00606458b0ff390c575ef67.tar.gz sssd-be1697216fc62578c00606458b0ff390c575ef67.tar.bz2 sssd-be1697216fc62578c00606458b0ff390c575ef67.zip |
Add ldap_pwd_policy option
Diffstat (limited to 'server/providers/ldap/ldap_common.c')
-rw-r--r-- | server/providers/ldap/ldap_common.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c index 6236707f..58c6d692 100644 --- a/server/providers/ldap/ldap_common.c +++ b/server/providers/ldap/ldap_common.c @@ -55,7 +55,8 @@ struct dp_option default_basic_opts[] = { { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, /* use the same parm name as the krb5 module so we set it only once */ - { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING } + { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING } }; struct sdap_attr_map generic_attr_map[] = { @@ -157,6 +158,7 @@ int ldap_get_options(TALLOC_CTX *memctx, struct sdap_attr_map *default_group_map; struct sdap_options *opts; char *schema; + const char *pwd_policy; int ret; opts = talloc_zero(memctx, struct sdap_options); @@ -195,6 +197,20 @@ int ldap_get_options(TALLOC_CTX *memctx, dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE))); } + pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); + if (pwd_policy == NULL) { + DEBUG(1, ("Missing password policy, this may not happen.\n")); + ret = EINVAL; + goto done; + } + if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && + strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && + strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { + DEBUG(1, ("Unsupported password policy [%s].\n", pwd_policy)); + ret = EINVAL; + goto done; + } + /* schema type */ schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA); if (strcasecmp(schema, "rfc2307") == 0) { |