author Pavel Reichl <preichl@redhat.com> 2015-01-20 18:34:44 -0500
committer Jakub Hrozek <jhrozek@redhat.com> 2015-03-05 20:30:43 +0100
commit 13ec767e6ca3e435e119f1f07bda10eb213383f6
tree faef47c375200d7a915e920ad63e6b223f572531 /src/man
parent 5a5c5cdeb92f4012fc75fd717bfea06598f68f12
SDAP: Lock out ssh keys when account naturally expires
Resolves: https://fedorahosted.org/sssd/ticket/2534
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- src/man/sssd-ldap.5.xml 14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index dca9938b8..613b63f69 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1955,6 +1955,20 @@ ldap_access_filter = (employeeType=admin)
be set for this feature to work.
</para>
<para>
+ <emphasis>ppolicy</emphasis>: use account locking.
+ If set, this option denies access in case that ldap
+ attribute 'pwdAccountLockedTime' is present and has
+ value of '000001010000Z' or represents any time in the past.
+ The value of 'pwdAccountLockedTime' attribute
+ must end with 'Z' as only UTC time zone is
+ currently suported. Please see the option
+ ldap_pwdlockout_dn.
+
+ Please note that 'access_provider = ldap' must
+ be set for this feature to work.
+ </para>
+
+ <para>
<emphasis>expire</emphasis>: use
ldap_account_expire_policy
</para>
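Review bot: The added ppolicy paragraph says the 'pwdAccountLockedTime' value "must end with 'Z'" but does not say what happens when it does not. Please state whether access is then denied or allowed, since an administrator reading this needs to know whether a malformed or non-UTC value fails open. In the same paragraph, 'suported' should be 'supported'. The empty line before "Please note that 'access_provider = ldap' must" sits inside the same <para>, so it will not render as a paragraph break; give the note its own <para> if a break is intended. "Please see the option ldap_pwdlockout_dn" gives no hint of how that option relates to this check, so a short clause explaining the relationship would help. The condition "has value of '000001010000Z' or represents any time in the past" would also read more clearly if it said what the special value means.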