Add LDAP access control based on NDS attributes

2 files changed, 6 insertions, 0 deletions

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 2af4892b4..16d3d3573 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -190,6 +190,9 @@ option_strings = {
     'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'),
     'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'),
     'ldap_ns_account_lock' : _('nsAccountLock attribute'),
+    'ldap_user_nds_login_disabled' : _('loginDisabled attribute of NDS'),
+    'ldap_user_nds_login_expiration_time' : _('loginExpirationTime attribute of NDS'),
+    'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute of NDS'),
 
     'ldap_group_search_base' : _('Base DN for group lookups'),
     # not used # 'ldap_group_search_scope' : _('Scope of group lookups'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index ce9ec513d..18321cade 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -67,6 +67,9 @@ ldap_pwd_attribute = str, None, false
 ldap_user_ad_account_expires = str, None, false
 ldap_user_ad_user_account_control = str, None, false
 ldap_ns_account_lock = str, None, false
+ldap_user_nds_login_disabled = str, None, false
+ldap_user_nds_login_expiration_time = str, None, false
+ldap_user_nds_login_allowed_time_map = str, None, false
 ldap_group_search_base = str, None, false
 ldap_group_search_scope = str, None, false
 ldap_group_search_filter = str, None, false