author | Pavel Reichl <preichl@redhat.com> | 2015-03-25 05:03:12 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-14 16:39:22 +0200 |
commit | 1590f8dbcbfc0a3c7a858590e54678ac7784be49 (patch) | |
tree | 945fe05268702e7ff5e699f6970c0290a10515f8 | |
parent | 0f85298a31beb53375635b82cb274d29eae45774 (diff) | |
LDAP: warn about lockout option being deprecated
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 108a49f0e816d95cf75a1e964f63b397e53c8b56)
-rw-r--r-- | src/man/sssd-ldap.5.xml | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_access.c | 9 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 7de0faef2..6bfeb571f 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1955,6 +1955,13 @@ ldap_access_filter = (employeeType=admin) be set for this feature to work. </para> <para> + <emphasis> + Please note that this option is superseded by + the <quote>ppolicy</quote> option and might be + removed in a future release. + </emphasis> + </para> + <para> <emphasis>ppolicy</emphasis>: use account locking. If set, this option denies access in case that ldap attribute 'pwdAccountLockedTime' is present and has diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index c10b9ddcf..1949248c0 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -212,7 +212,13 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state, /* we are done with no errors */ return EOK; + /* This option is deprecated by LDAP_ACCESS_PPOLICY */ case LDAP_ACCESS_LOCKOUT: + DEBUG(SSSDBG_MINOR_FAILURE, + "WARNING: %s option is deprecated and might be removed in " + "a future release. Please migrate to %s option instead.\n", + LDAP_ACCESS_LOCK_NAME, LDAP_ACCESS_PPOLICY_NAME); + subreq = sdap_access_ppolicy_send(state, state->ev, state->be_ctx, state->domain, state->access_ctx, @@ -221,7 +227,8 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state, state->user_entry, PWP_LOCKOUT_ONLY); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_ppolicy_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_access_ppolicy_send failed.\n"); return ENOMEM; } |
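Review bot: The deprecation warning added under `case LDAP_ACCESS_LOCKOUT:` sits in sdap_access_check_next_rule, so it appears to be logged on every access check that reaches this rule rather than once per configuration load. It is also only written to the debug log at `SSSDBG_MINOR_FAILURE`, which an administrator running at a lower debug level would presumably never see. For an access-control option that deployments are expected to migrate away from, a one-time notice where the access order is parsed (not visible in this hunk) would be easier to notice and would not repeat per login; a minimal alternative inside this branch is a guard such as `static bool warned; if (!warned) { warned = true; DEBUG(...); }`. The added comment could also record that this branch already runs the ppolicy request in lockout-only mode, e.g. `/* Deprecated in favour of LDAP_ACCESS_PPOLICY; evaluated via sdap_access_ppolicy_send() with PWP_LOCKOUT_ONLY */`. The function body starts and ends outside the hunk.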