diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-12-21 13:30:33 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-19 09:53:20 -0500 |
| commit | 22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 (patch) | |
| tree | fb69e82eea580199f7919ecf02a83b3339b8dbcc /src/providers/ldap/ldap_init.c | |
| parent | 5352c9b3609bca63814f9f6f03dbbbadf6c6333a (diff) | |
| download | sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.gz sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.tar.xz sssd-22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18.zip | |
Add LDAP expire policy based on AD attributes
The second bit of userAccountControl is used to determine if the account
is enabled or disabled. accountExpires is checked to see if the account
is expired.
Diffstat (limited to 'src/providers/ldap/ldap_init.c')
| -rw-r--r-- | src/providers/ldap/ldap_init.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index d5dad3607..61f923333 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -345,7 +345,8 @@ int sssm_ldap_access_init(struct be_ctx *bectx, "but no ldap_account_expire_policy configured. " "All domain users will be denied access.\n")); } else { - if (strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_SHADOW) != 0) { + if (strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_SHADOW) != 0 && + strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0) { DEBUG(1, ("Unsupported LDAP account expire policy [%s].\n", dummy)); ret = EINVAL; |