authorPavel Reichl <preichl@redhat.com>2015-03-25 05:03:12 -0400
committerJakub Hrozek <jhrozek@redhat.com>2015-05-14 16:39:22 +0200
commit1590f8dbcbfc0a3c7a858590e54678ac7784be49 (patch)
tree945fe05268702e7ff5e699f6970c0290a10515f8
parent0f85298a31beb53375635b82cb274d29eae45774 (diff)
LDAP: warn about lockout option being deprecated
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 108a49f0e816d95cf75a1e964f63b397e53c8b56)
-rw-r--r--src/man/sssd-ldap.5.xml7
-rw-r--r--src/providers/ldap/sdap_access.c9
2 files changed, 15 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 7de0faef2..6bfeb571f 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1955,6 +1955,13 @@ ldap_access_filter = (employeeType=admin)
be set for this feature to work.
</para>
<para>
+ <emphasis>
+ Please note that this option is superseded by
+ the <quote>ppolicy</quote> option and might be
+ removed in a future release.
+ </emphasis>
+ </para>
+ <para>
<emphasis>ppolicy</emphasis>: use account locking.
If set, this option denies access in case that ldap
attribute 'pwdAccountLockedTime' is present and has
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index c10b9ddcf..1949248c0 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -212,7 +212,13 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
/* we are done with no errors */
return EOK;
+ /* This option is deprecated by LDAP_ACCESS_PPOLICY */
case LDAP_ACCESS_LOCKOUT:
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "WARNING: %s option is deprecated and might be removed in "
+ "a future release. Please migrate to %s option instead.\n",
+ LDAP_ACCESS_LOCK_NAME, LDAP_ACCESS_PPOLICY_NAME);
+
subreq = sdap_access_ppolicy_send(state, state->ev, state->be_ctx,
state->domain,
state->access_ctx,
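Review bot: The deprecation warning added under `case LDAP_ACCESS_LOCKOUT:` sits in sdap_access_check_next_rule, so it appears to be logged on every access check that reaches this rule rather than once. At `SSSDBG_MINOR_FAILURE` it is also only visible when the configured debug level includes minor failures, so an administrator running at a lower level would likely never see it. Because this option gates account-lockout enforcement, its eventual removal could change access decisions without the operator having been told. Consider emitting the message once, where the access-order option is parsed (outside this hunk), at a level shown by default. The literal "WARNING:" prefix also disagrees with the minor-failure level it is logged at, and the function body begins and ends outside the hunk.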
@@ -221,7 +227,8 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
state->user_entry,
PWP_LOCKOUT_ONLY);
if (subreq == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_ppolicy_send failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_access_ppolicy_send failed.\n");
return ENOMEM;
}