diff options
author | Pavel Reichl <preichl@redhat.com> | 2015-01-20 18:34:44 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-06 13:37:32 +0100 |
commit | 8ebc05498460ce28eff012649c892b248c53632f (patch) | |
tree | f3c4cf51f8b0cf9914d10ee136d00802a946b287 /src/man | |
parent | 3cace03ac7a2c4ff6d3469a3d3128c79a1882e43 (diff) | |
download | sssd-8ebc05498460ce28eff012649c892b248c53632f.tar.gz sssd-8ebc05498460ce28eff012649c892b248c53632f.tar.xz sssd-8ebc05498460ce28eff012649c892b248c53632f.zip |
SDAP: Lock out ssh keys when account naturally expires
Resolves:
https://fedorahosted.org/sssd/ticket/2534
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 9fbc47487..00da3964a 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1955,6 +1955,20 @@ ldap_access_filter = (employeeType=admin) be set for this feature to work. </para> <para> + <emphasis>ppolicy</emphasis>: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z' or represents any time in the past. + The value of 'pwdAccountLockedTime' attribute + must end with 'Z' as only UTC time zone is + currently suported. Please see the option + ldap_pwdlockout_dn. + + Please note that 'access_provider = ldap' must + be set for this feature to work. + </para> + + <para> <emphasis>expire</emphasis>: use ldap_account_expire_policy </para> |