author | Pavel Reichl <preichl@redhat.com> | 2015-01-20 18:34:44 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-06 13:48:47 +0100 |
commit | 39dad5421f792c699f341556dc4fb80e82a47ed0 (patch) | |
tree | cc4312d948041508b83f5afb07b75c9e975bfd33 /src/man/sssd-ldap.5.xml | |
parent | 8f9459bd92ab2b8878f3ca5d2bc5b6c57e808d76 (diff) | |
SDAP: Lock out ssh keys when account naturally expires
Resolves:
https://fedorahosted.org/sssd/ticket/2534
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 9fbc47487..00da3964a 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1955,6 +1955,20 @@ ldap_access_filter = (employeeType=admin) be set for this feature to work. </para> <para> + <emphasis>ppolicy</emphasis>: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z' or represents any time in the past. + The value of 'pwdAccountLockedTime' attribute + must end with 'Z' as only UTC time zone is + currently suported. Please see the option + ldap_pwdlockout_dn. + + Please note that 'access_provider = ldap' must + be set for this feature to work. + </para> + + <para> <emphasis>expire</emphasis>: use ldap_account_expire_policy </para> |
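Review bot: the added ppolicy paragraph says the 'pwdAccountLockedTime' value "must end with 'Z' as only UTC time zone is currently suported" but never says what happens when it does not. Please document whether access is denied or granted in that case, so an administrator can tell whether a value with another time zone suffix fails closed. The same paragraph only covers '000001010000Z' and times in the past; a sentence on how a lock time in the future is treated would remove the remaining ambiguity. Two wording points in the added lines: "suported" should be "supported", and "denies access in case that ldap attribute" reads better as "denies access if the LDAP attribute".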