diff options
author | Pavel Reichl <preichl@redhat.com> | 2015-03-25 05:03:12 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-14 16:35:31 +0200 |
commit | 108a49f0e816d95cf75a1e964f63b397e53c8b56 (patch) | |
tree | 082ba02d96a84b75fc754943cfff50e849e73322 /src | |
parent | 9696ce0c9ff737c873ddbf54fab91355d71e8698 (diff) | |
download | sssd-108a49f0e816d95cf75a1e964f63b397e53c8b56.tar.gz sssd-108a49f0e816d95cf75a1e964f63b397e53c8b56.tar.xz sssd-108a49f0e816d95cf75a1e964f63b397e53c8b56.zip |
LDAP: warn about lockout option being deprecated
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_access.c | 9 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 9756a5547..1b7a2609a 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1963,6 +1963,13 @@ ldap_access_filter = (employeeType=admin) be set for this feature to work. </para> <para> + <emphasis> + Please note that this option is superseded by + the <quote>ppolicy</quote> option and might be + removed in a future release. + </emphasis> + </para> + <para> <emphasis>ppolicy</emphasis>: use account locking. If set, this option denies access in case that ldap attribute 'pwdAccountLockedTime' is present and has diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 474cbb7ed..3ef45b717 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -212,7 +212,13 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state, /* we are done with no errors */ return EOK; + /* This option is deprecated by LDAP_ACCESS_PPOLICY */ case LDAP_ACCESS_LOCKOUT: + DEBUG(SSSDBG_MINOR_FAILURE, + "WARNING: %s option is deprecated and might be removed in " + "a future release. Please migrate to %s option instead.\n", + LDAP_ACCESS_LOCK_NAME, LDAP_ACCESS_PPOLICY_NAME); + subreq = sdap_access_ppolicy_send(state, state->ev, state->be_ctx, state->domain, state->access_ctx, @@ -221,7 +227,8 @@ static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state, state->user_entry, PWP_LOCKOUT_ONLY); if (subreq == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "sdap_access_ppolicy_send failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "sdap_access_ppolicy_send failed.\n"); return ENOMEM; } |