diff options
| author | Pavel Reichl <preichl@redhat.com> | 2015-02-18 01:03:40 -0500 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-04 11:06:42 +0100 |
| commit | 7b6bd420977df4de406387b7541fda367b502cf2 (patch) | |
| tree | ab991024e4d3cffeda4d18acc1ecd575d907c224 /src/providers/ldap/sdap_access.h | |
| parent | c3ee0dec4b6e54138225af722293b90cb900d41c (diff) | |
| download | sssd-7b6bd420977df4de406387b7541fda367b502cf2.tar.gz sssd-7b6bd420977df4de406387b7541fda367b502cf2.tar.xz sssd-7b6bd420977df4de406387b7541fda367b502cf2.zip | |
SDAP: enable change phase of pw expire policy check
Implement new option which does checking password expiration policy
in accounting phase.
This allows SSSD to issue shadow expiration warning even if alternate
authentication method is used.
Resolves:
https://fedorahosted.org/sssd/ticket/2167
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c9b0071bfcb8eb8c71e40248de46d23aceecc0f3)
(cherry picked from commit d3f82e944dc5dab3812700a245deec4aa3245b21)
Diffstat (limited to 'src/providers/ldap/sdap_access.h')
| -rw-r--r-- | src/providers/ldap/sdap_access.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_access.h b/src/providers/ldap/sdap_access.h index f085e6199..a8c663910 100644 --- a/src/providers/ldap/sdap_access.h +++ b/src/providers/ldap/sdap_access.h @@ -39,6 +39,9 @@ #define LDAP_ACCESS_FILTER_NAME "filter" #define LDAP_ACCESS_EXPIRE_NAME "expire" +#define LDAP_ACCESS_EXPIRE_POLICY_REJECT_NAME "pwd_expire_policy_reject" +#define LDAP_ACCESS_EXPIRE_POLICY_WARN_NAME "pwd_expire_policy_warn" +#define LDAP_ACCESS_EXPIRE_POLICY_RENEW_NAME "pwd_expire_policy_renew" #define LDAP_ACCESS_SERVICE_NAME "authorized_service" #define LDAP_ACCESS_HOST_NAME "host" #define LDAP_ACCESS_LOCK_NAME "lockout" @@ -57,6 +60,9 @@ enum ldap_access_rule { LDAP_ACCESS_SERVICE, LDAP_ACCESS_HOST, LDAP_ACCESS_LOCKOUT, + LDAP_ACCESS_EXPIRE_POLICY_REJECT, + LDAP_ACCESS_EXPIRE_POLICY_WARN, + LDAP_ACCESS_EXPIRE_POLICY_RENEW, LDAP_ACCESS_LAST }; |