Fix check for values of expiration limits

There were inconsistencies between what sssd.conf manpage said
and what the code enforces.

2 files changed, 3 insertions, 3 deletions

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 171d261b6..a3ec028f3 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -467,8 +467,8 @@
                             Number of days entries are left in cache after
                             last successful login before being removed during
                             a cleanup of the cache. 0 means keep forever.
-                            The value of this parameter must be bigger than
-                            offline_credentials_expiration.
+                            The value of this parameter must be greater than or
+                            equal to offline_credentials_expiration.
                         </para>
                         <para>
                             Default: 0 (unlimited)
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index a67ea3626..b5765c276 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -251,7 +251,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
         goto done;
     }
     if (offline_credentials_expiration && account_cache_expiration &&
-        offline_credentials_expiration >= account_cache_expiration) {
+        offline_credentials_expiration > account_cache_expiration) {
         DEBUG(1, ("Value of %s (now %d) must be larger "
                   "than value of %s (now %d)\n",
                   opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,