summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-11-22 14:24:23 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-06 09:30:13 -0500
commit32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (patch)
tree726ed591038967e12d559ccebd6eece6cd2520cb /src/providers/krb5
parent39875788b552ed157e68156e64e95dda5dc6aa43 (diff)
downloadsssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.gz
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.bz2
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.zip
Add new account expired rule to LDAP access provider
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
Diffstat (limited to 'src/providers/krb5')
0 files changed, 0 insertions, 0 deletions