diff options
| author | Sumit Bose <sbose@redhat.com> | 2009-10-07 18:15:27 +0200 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2009-10-08 16:09:45 -0400 |
| commit | 690a6ee2353e5922b3fda164259f09d161c39a2c (patch) | |
| tree | ac027782fdcc6c06ad5b85fe0b6642cd9d469f21 /server/providers/ldap/ldap_auth.c | |
| parent | 88a8005a1f074cf78cf6becef90aa733c0e2b7aa (diff) | |
| download | sssd-690a6ee2353e5922b3fda164259f09d161c39a2c.tar.gz sssd-690a6ee2353e5922b3fda164259f09d161c39a2c.tar.xz sssd-690a6ee2353e5922b3fda164259f09d161c39a2c.zip | |
add support for server side LDAP password policies
- password policy request controls are send during bind and change
password extended operation
- the response control is evaluated to see if the password is expired
or will expire, soon
Diffstat (limited to 'server/providers/ldap/ldap_auth.c')
| -rw-r--r-- | server/providers/ldap/ldap_auth.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index b1667c4bf..487fb0741 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -404,6 +404,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) switch (result) { case SDAP_AUTH_SUCCESS: + case SDAP_AUTH_PW_EXPIRED: DEBUG(7, ("user [%s] successfully authenticated.\n", state->dn)); subreq = sdap_exop_modify_passwd_send(state, state->breq->be_ctx->ev, @@ -541,6 +542,9 @@ static void sdap_pam_auth_done(struct tevent_req *req) case SDAP_UNAVAIL: state->pd->pam_status = PAM_AUTHINFO_UNAVAIL; break; + case SDAP_AUTH_PW_EXPIRED: + state->pd->pam_status = PAM_AUTHTOK_EXPIRED; + break; default: state->pd->pam_status = PAM_SYSTEM_ERR; } |