Add LDAP expire policy base RHDS/IPA attribute

The attribute nsAccountLock is used by RHDS, IPA and other directory
servers to indicate that the account is locked.

2 files changed, 2 insertions, 0 deletions

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d84509c1b..aed683bd9 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -174,6 +174,7 @@ option_strings = {
     'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'),
     'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'),
     'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'),
+    'ldap_ns_account_lock' : _('nsAccountLock attribute'),
 
     'ldap_group_search_base' : _('Base DN for group lookups'),
     # not used # 'ldap_group_search_scope' : _('Scope of group lookups'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 064438316..440ebff87 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -60,6 +60,7 @@ ldap_user_authorized_service = str, None, false
 ldap_pwd_attribute = str, None, false
 ldap_user_ad_account_expires = str, None, false
 ldap_user_ad_user_account_control = str, None, false
+ldap_ns_account_lock = str, None, false
 ldap_group_search_base = str, None, false
 ldap_group_search_scope = str, None, false
 ldap_group_search_filter = str, None, false