From 32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 22 Nov 2010 14:24:23 +0100 Subject: Add new account expired rule to LDAP access provider Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute. --- src/config/SSSDConfig.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/config/SSSDConfig.py') diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index edfc823e..e48e83ab 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -160,6 +160,8 @@ option_strings = { # [provider/ldap/access] 'ldap_access_filter' : _('LDAP filter to determine access privileges'), + 'ldap_account_expire_policy' : _('Which attributes shall be used to evaluate if an account is expired'), + 'ldap_access_order' : _('Which rules should be used to evaluate access control'), # [provider/simple/access] 'simple_allow_users' : _('Comma separated list of allowed users'), -- cgit