Add new account expired rule to LDAP access provider

Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
author: Sumit Bose <sbose@redhat.com> 2010-11-22 14:24:23 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-12-06 09:30:13 -0500
commit: 32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (patch)
tree: 726ed591038967e12d559ccebd6eece6cd2520cb /src/providers/ldap/sdap.h
parent: 39875788b552ed157e68156e64e95dda5dc6aa43 (diff)
download: sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.gz
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.xz
sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 945de3743..4d52d5b3a 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -182,6 +182,8 @@ enum sdap_basic_opt {
     SDAP_NETGROUP_SEARCH_BASE,
     SDAP_NESTING_LEVEL,
     SDAP_DEREF,
+    SDAP_ACCOUNT_EXPIRE_POLICY,
+    SDAP_ACCESS_ORDER,
 
     SDAP_OPTS_BASIC /* opts counter */
 };
author	Sumit Bose <sbose@redhat.com>	2010-11-22 14:24:23 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-12-06 09:30:13 -0500
commit	32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (patch)
tree	726ed591038967e12d559ccebd6eece6cd2520cb /src/providers/ldap/sdap.h
parent	39875788b552ed157e68156e64e95dda5dc6aa43 (diff)
download	sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.gz sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.tar.xz sssd-32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a.zip