summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/ldap_init.c
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-12-22 18:25:45 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-01-19 09:53:20 -0500
commitd73fcc5183a676aed4fd040714b87274248b784c (patch)
treeb1ce3d709a7539b7fa16e2bbf3c8aaf2716070c0 /src/providers/ldap/ldap_init.c
parent22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 (diff)
downloadsssd-d73fcc5183a676aed4fd040714b87274248b784c.tar.gz
sssd-d73fcc5183a676aed4fd040714b87274248b784c.tar.xz
sssd-d73fcc5183a676aed4fd040714b87274248b784c.zip
Add LDAP expire policy base RHDS/IPA attribute
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
Diffstat (limited to 'src/providers/ldap/ldap_init.c')
-rw-r--r--src/providers/ldap/ldap_init.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 61f923333..6b05690ed 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -346,7 +346,10 @@ int sssm_ldap_access_init(struct be_ctx *bectx,
"All domain users will be denied access.\n"));
} else {
if (strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_SHADOW) != 0 &&
- strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0) {
+ strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0 &&
+ strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 &&
+ strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 &&
+ strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) {
DEBUG(1, ("Unsupported LDAP account expire policy [%s].\n",
dummy));
ret = EINVAL;