From 690a6ee2353e5922b3fda164259f09d161c39a2c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 7 Oct 2009 18:15:27 +0200 Subject: add support for server side LDAP password policies - password policy request controls are send during bind and change password extended operation - the response control is evaluated to see if the password is expired or will expire, soon --- server/providers/ldap/ldap_auth.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'server/providers/ldap/ldap_auth.c') diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index b1667c4bf..487fb0741 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -404,6 +404,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) switch (result) { case SDAP_AUTH_SUCCESS: + case SDAP_AUTH_PW_EXPIRED: DEBUG(7, ("user [%s] successfully authenticated.\n", state->dn)); subreq = sdap_exop_modify_passwd_send(state, state->breq->be_ctx->ev, @@ -541,6 +542,9 @@ static void sdap_pam_auth_done(struct tevent_req *req) case SDAP_UNAVAIL: state->pd->pam_status = PAM_AUTHINFO_UNAVAIL; break; + case SDAP_AUTH_PW_EXPIRED: + state->pd->pam_status = PAM_AUTHTOK_EXPIRED; + break; default: state->pd->pam_status = PAM_SYSTEM_ERR; } -- cgit