summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap.h
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-11-22 14:24:23 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-06 09:30:13 -0500
commit32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (patch)
tree726ed591038967e12d559ccebd6eece6cd2520cb /src/providers/ldap/sdap.h
parent39875788b552ed157e68156e64e95dda5dc6aa43 (diff)
downloadsssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.gz
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.bz2
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.zip
Add new account expired rule to LDAP access provider
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
Diffstat (limited to 'src/providers/ldap/sdap.h')
-rw-r--r--src/providers/ldap/sdap.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 945de374..4d52d5b3 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -182,6 +182,8 @@ enum sdap_basic_opt {
SDAP_NETGROUP_SEARCH_BASE,
SDAP_NESTING_LEVEL,
SDAP_DEREF,
+ SDAP_ACCOUNT_EXPIRE_POLICY,
+ SDAP_ACCESS_ORDER,
SDAP_OPTS_BASIC /* opts counter */
};