Add new account expired rule to LDAP access provider

Two new options are added to the LDAP access provider to allow a broader
range of access control rules to be evaluated.

'ldap_access_order' makes it possible to run more than one rule. To keep
compatibility with older versions the default is 'filter'. This patch
adds a new rule 'expire'.

'ldap_account_expire_policy' specifies which LDAP attribute should be
used to determine if an account is expired or not. Currently only
'shadow' is supported which evaluates the ldap_user_shadow_expire
attribute.

0 files changed, 0 insertions, 0 deletions