authorPavel Reichl <preichl@redhat.com>2014-08-06 16:05:53 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-08-27 15:54:11 +0200
commit6ff7563d27abe046a919439a01ba668b6b6b00e8 (patch)
tree7b5355c41ce8ff49e03ba193e8e3afb6a307b220
parent2c8c42d3dfdad2ebf3af69afa8aee15abe54c588 (diff)
SDAP: new option - DN to ppolicy on LDAP
To check the value of the pwdLockout attribute on the LDAP server, the DN of ppolicy must be set. Resolves: https://fedorahosted.org/sssd/ticket/2364
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ad.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/providers/ad/ad_opts.h1
-rw-r--r--src/providers/ipa/ipa_opts.h1
-rw-r--r--src/providers/ldap/ldap_opts.h1
-rw-r--r--src/providers/ldap/sdap.h1
8 files changed, 8 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 48db1eb8f..4242df507 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -318,6 +318,7 @@ option_strings = {
'ldap_use_tokengroups' : _('Whether to use Token-Groups'),
'ldap_min_id' : _('Set lower boundary for allowed IDs from the LDAP server'),
'ldap_max_id' : _('Set upper boundary for allowed IDs from the LDAP server'),
+ 'ldap_pwdlockout_dn' : _('DN for ppolicy queries'),
# [provider/ldap/auth]
'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
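Review bot: The help text added for `ldap_pwdlockout_dn`, 'DN for ppolicy queries', does not tell an administrator what the option controls. The commit message says the DN is needed to check pwdLockout, so `_('DN of the ppolicy entry used to check pwdLockout')` would be clearer. The diffstat lists no man page file, so the option appears to ship without user-facing documentation of what happens when it is left unset. The `option_strings` dict starts and ends outside this hunk.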
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 77f7eac71..2d3c236a0 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -110,6 +110,7 @@ ldap_groups_use_matching_rule_in_chain = bool, None, false
ldap_initgroups_use_matching_rule_in_chain = bool, None, false
ldap_use_tokengroups = bool, None, false
ldap_rfc2307_fallback_to_local_users = bool, None, false
+ldap_pwdlockout_dn = str, None, false
[provider/ad/auth]
krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index e1ebf0888..ed28698fc 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -130,6 +130,7 @@ ldap_initgroups_use_matching_rule_in_chain = bool, None, false
ldap_use_tokengroups = bool, None, false
ldap_rfc2307_fallback_to_local_users = bool, None, false
ipa_server_mode = bool, None, false
+ldap_pwdlockout_dn = str, None, false
[provider/ipa/auth]
krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 4e3f0e9ea..b71e46130 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -119,6 +119,7 @@ ldap_use_tokengroups = bool, None, false
ldap_rfc2307_fallback_to_local_users = bool, None, false
ldap_min_id = int, None, false
ldap_max_id = int, None, false
+ldap_pwdlockout_dn = str, None, false
[provider/ldap/auth]
ldap_pwd_policy = str, None, false
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 19ad14d62..31703fd7f 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -130,6 +130,7 @@ struct dp_option ad_def_ldap_opts[] = {
{ "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
{ "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
+ { "ldap_pwdlockout_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
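Review bot: The new `ldap_pwdlockout_dn` entry defaults to `NULL_STRING`, so whatever reads `SDAP_PWDLOCKOUT_DN` must handle an unset value, and that reader is not part of this commit. Because the value feeds an account-lockout check, the behaviour with no DN configured (skip the check, or deny) should be a deliberate, logged decision rather than a side effect of a NULL string. I would record it at the table entry, for example `/* no default: pwdLockout is only checked when the admin sets this DN */`, adjusted to what the consumer really does. The same applies to the identical entries in ipa_opts.h and ldap_opts.h; the array begins outside this hunk.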
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index a1334610c..0c3a6f55e 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -153,6 +153,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
{ "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
+ { "ldap_pwdlockout_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 803bd3f19..cc40ad1cb 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -119,6 +119,7 @@ struct dp_option default_basic_opts[] = {
{ "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
{ "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
+ { "ldap_pwdlockout_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index a766779e5..e92d51332 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -231,6 +231,7 @@ enum sdap_basic_opt {
SDAP_DISABLE_RANGE_RETRIEVAL,
SDAP_MIN_ID,
SDAP_MAX_ID,
+ SDAP_PWDLOCKOUT_DN,
SDAP_OPTS_BASIC /* opts counter */
};
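Review bot: `SDAP_PWDLOCKOUT_DN` is inserted by position, and the enum appears to be used as an index into the `dp_option` tables in ldap_opts.h, ad_opts.h and ipa_opts.h, so all four places have to stay in the same order. In this commit they do, since each table adds the entry right after `ldap_max_id`, but nothing in the code states or enforces that. A comment above the enumerator such as `/* order must match default_basic_opts, ad_def_ldap_opts and ipa_def_ldap_opts */` would help the next person adding an option. The enum starts outside this hunk.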