diff options
| author | Pavel Reichl <preichl@redhat.com> | 2014-08-01 17:04:55 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-27 14:25:11 +0200 |
| commit | e87f92f04f297fbdb0ae916945513a67b8a63044 (patch) | |
| tree | 786c8b9ed81e8eb4f6bbff3316b28520660f330a /src | |
| parent | 2a91d3dd0ce4387332db27bd1a0c0005c74f870e (diff) | |
| download | sssd-e87f92f04f297fbdb0ae916945513a67b8a63044.tar.gz sssd-e87f92f04f297fbdb0ae916945513a67b8a63044.tar.xz sssd-e87f92f04f297fbdb0ae916945513a67b8a63044.zip | |
MAN: options 'lockout' and 'ldap_pwdlockout_dn'
Resolves:
https://fedorahosted.org/sssd/ticket/2364
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index e8bcfd0d1..eb3b8d23f 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1914,6 +1914,13 @@ ldap_access_filter = (employeeType=admin) <emphasis>filter</emphasis>: use ldap_access_filter </para> <para> + <emphasis>lockout</emphasis>: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z'. Please see the option + ldap_pwdlockout_dn. + </para> + <para> <emphasis>expire</emphasis>: use ldap_account_expire_policy </para> @@ -1937,6 +1944,26 @@ ldap_access_filter = (employeeType=admin) </varlistentry> <varlistentry> + <term>ldap_pwdlockout_dn (string)</term> + <listitem> + <para> + This option specifies the DN of password policy entry + on LDAP server. Please note that absence of this + option in sssd.conf in case of enabled account + lockout checking will yield access denied as + ppolicy attributes on LDAP server cannot be checked + properly. + </para> + <para> + Example: cn=ppolicy,ou=policies,dc=example,dc=com + </para> + <para> + Default: cn=ppolicy,ou=policies,$ldap_search_base + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_deref (string)</term> <listitem> <para> |