summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-12-21 13:30:33 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-01-19 09:53:20 -0500
commit22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 (patch)
treefb69e82eea580199f7919ecf02a83b3339b8dbcc /src/providers/ipa
parent5352c9b3609bca63814f9f6f03dbbbadf6c6333a (diff)
downloadsssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.gz
sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.xz
sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.zip
Add LDAP expire policy based on AD attributes
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_common.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 4c96babc1..fe1257737 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -115,7 +115,9 @@ struct sdap_attr_map ipa_user_map[] = {
{ "ldap_user_krb_last_pwd_change", "krbLastPwdChange", SYSDB_KRBPW_LASTCHANGE, NULL },
{ "ldap_user_krb_password_expiration", "krbPasswordExpiration", SYSDB_KRBPW_EXPIRATION, NULL },
{ "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL },
- { "ldap_user_authorized_service", "authorizedService", SYSDB_AUTHORIZED_SERVICE, NULL }
+ { "ldap_user_authorized_service", "authorizedService", SYSDB_AUTHORIZED_SERVICE, NULL },
+ { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
+ { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL}
};
struct sdap_attr_map ipa_group_map[] = {