summaryrefslogtreecommitdiff
path: root/src/config/etc
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-11-22 14:24:23 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-06 09:30:13 -0500
commit32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (patch)
tree726ed591038967e12d559ccebd6eece6cd2520cb /src/config/etc
parent39875788b552ed157e68156e64e95dda5dc6aa43 (diff)
downloadsssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.gz
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.bz2
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.zip
Add new account expired rule to LDAP access provider
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
Diffstat (limited to 'src/config/etc')
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 404f4d59..b7d2f9b2 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -80,6 +80,8 @@ ldap_pwd_policy = str, None, false
[provider/ldap/access]
ldap_access_filter = str, None, false
+ldap_account_expire_policy = str, None, false
+ldap_access_order = str, None, false
[provider/ldap/chpass]