From d73fcc5183a676aed4fd040714b87274248b784c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 22 Dec 2010 18:25:45 +0100 Subject: Add LDAP expire policy base RHDS/IPA attribute The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked. --- src/providers/ldap/ldap_init.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/providers/ldap/ldap_init.c') diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 61f92333..6b05690e 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -346,7 +346,10 @@ int sssm_ldap_access_init(struct be_ctx *bectx, "All domain users will be denied access.\n")); } else { if (strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_SHADOW) != 0 && - strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0) { + strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0 && + strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 && + strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 && + strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) { DEBUG(1, ("Unsupported LDAP account expire policy [%s].\n", dummy)); ret = EINVAL; -- cgit