Add LDAP expire policy based on AD attributes

The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
author: Sumit Bose <sbose@redhat.com> 2010-12-21 13:30:33 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-01-19 09:53:20 -0500
commit: 22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 (patch)
tree: fb69e82eea580199f7919ecf02a83b3339b8dbcc /src/config/etc
parent: 5352c9b3609bca63814f9f6f03dbbbadf6c6333a (diff)
download: sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.gz
sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.bz2
sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 8aaecd5d..06443831 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -58,6 +58,8 @@ ldap_user_krb_last_pwd_change = str, None, false
 ldap_user_krb_password_expiration = str, None, false
 ldap_user_authorized_service = str, None, false
 ldap_pwd_attribute = str, None, false
+ldap_user_ad_account_expires = str, None, false
+ldap_user_ad_user_account_control = str, None, false
 ldap_group_search_base = str, None, false
 ldap_group_search_scope = str, None, false
 ldap_group_search_filter = str, None, false
author	Sumit Bose <sbose@redhat.com>	2010-12-21 13:30:33 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-01-19 09:53:20 -0500
commit	22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 (patch)
tree	fb69e82eea580199f7919ecf02a83b3339b8dbcc /src/config/etc
parent	5352c9b3609bca63814f9f6f03dbbbadf6c6333a (diff)
download	sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.gz sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.bz2 sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.zip