diff options
author | Pavel Reichl <preichl@redhat.com> | 2015-02-18 01:03:40 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-03 18:47:05 +0100 |
commit | c9b0071bfcb8eb8c71e40248de46d23aceecc0f3 (patch) | |
tree | 7c9d55dba69c4b9e75bc8041d2a6e9bd75f44eaa /src/providers/ldap/ldap_init.c | |
parent | cdaa29d2c5724a4c72bfa0f42284ccfac3d5a464 (diff) | |
download | sssd-c9b0071bfcb8eb8c71e40248de46d23aceecc0f3.tar.gz sssd-c9b0071bfcb8eb8c71e40248de46d23aceecc0f3.tar.xz sssd-c9b0071bfcb8eb8c71e40248de46d23aceecc0f3.zip |
SDAP: enable change phase of pw expire policy check
Implement new option which does checking password expiration policy
in accounting phase.
This allows SSSD to issue shadow expiration warning even if alternate
authentication method is used.
Resolves:
https://fedorahosted.org/sssd/ticket/2167
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ldap/ldap_init.c')
-rw-r--r-- | src/providers/ldap/ldap_init.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 44333a9a3..8d5619779 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -423,6 +423,15 @@ int sssm_ldap_access_init(struct be_ctx *bectx, access_ctx->access_rule[c] = LDAP_ACCESS_HOST; } else if (strcasecmp(order_list[c], LDAP_ACCESS_LOCK_NAME) == 0) { access_ctx->access_rule[c] = LDAP_ACCESS_LOCKOUT; + } else if (strcasecmp(order_list[c], + LDAP_ACCESS_EXPIRE_POLICY_REJECT_NAME) == 0) { + access_ctx->access_rule[c] = LDAP_ACCESS_EXPIRE_POLICY_REJECT; + } else if (strcasecmp(order_list[c], + LDAP_ACCESS_EXPIRE_POLICY_WARN_NAME) == 0) { + access_ctx->access_rule[c] = LDAP_ACCESS_EXPIRE_POLICY_WARN; + } else if (strcasecmp(order_list[c], + LDAP_ACCESS_EXPIRE_POLICY_RENEW_NAME) == 0) { + access_ctx->access_rule[c] = LDAP_ACCESS_EXPIRE_POLICY_RENEW; } else { DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected access rule name [%s].\n", order_list[c]); |