summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_access.h
AgeCommit message (Collapse)AuthorFilesLines
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-1/+14
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+39
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com