Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 175ec3568..65c679d61 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -436,6 +436,34 @@ </varlistentry> <varlistentry> + <term>ldap_user_ad_account_expires (string)</term> + <listitem> + <para> + When using ldap_account_expire_policy=ad, this + parameter contains the name of an LDAP attribute + storing the expiration time of the account. + </para> + <para> + Default: accountExpires + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_ad_user_account_control (string)</term> + <listitem> + <para> + When using ldap_account_expire_policy=ad, this + parameter contains the name of an LDAP attribute + storing the user account control bit field. + </para> + <para> + Default: userAccountControl + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_user_principal (string)</term> <listitem> <para> @@ -1128,6 +1156,13 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com is expired. </para> <para> + <emphasis>ad</emphasis>: use the value of the 32bit + field ldap_user_ad_user_account_control and allow + access if the second bit is not set. If the + attribute is missing access is granted. Also the + expiration time of the account is checked. + </para> + <para> Default: Empty </para> </listitem> |
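Review bot: In the first hunk (@@ -436,6 +436,34 @@), the new ldap_user_ad_account_expires entry says only that the attribute stores "the expiration time of the account". It does not say what format the value is expected in, or what happens when the attribute is absent or holds a value meaning "never expires". An administrator who remaps this option to another attribute cannot tell from the text what that attribute must contain. Suggest adding one sentence on the expected value format and one on the missing-attribute case, so that it reads consistently with the "If the attribute is missing access is granted" wording used for the ad policy in the second hunk.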
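Review bot: In the second hunk (@@ -1128,6 +1156,13 @@), the sentence "If the attribute is missing access is granted" documents a fail-open default without saying so clearly, and it does not say which attribute is meant. It could be only ldap_user_ad_user_account_control, or it could also include the expiration attribute mentioned in the next sentence. Since access is granted when the value cannot be read, the text should name the attribute and note that the account SSSD uses to search must be able to read it, otherwise the check silently allows everyone. Separately, "the second bit" is ambiguous, because it can be read as mask 0x2 or 0x4 depending on whether counting starts at zero. Give the mask value rather than an ordinal. Minor wording: "32bit" should be "32-bit", and a comma is missing after "is missing".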