From be1697216fc62578c00606458b0ff390c575ef67 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 16 Nov 2009 13:56:57 +0100
Subject: Add ldap_pwd_policy option
---
 server/providers/ldap/ldap_common.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'server/providers/ldap/ldap_common.c')
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index 6236707fe..58c6d692f 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -55,7 +55,8 @@ struct dp_option default_basic_opts[] = {
 { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 /* use the same parm name as the krb5 module so we set it only once */
- { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }
 };
 
 struct sdap_attr_map generic_attr_map[] = {
@@ -157,6 +158,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
 struct sdap_attr_map *default_group_map;
 struct sdap_options *opts;
 char *schema;
+ const char *pwd_policy;
 int ret;
 
 opts = talloc_zero(memctx, struct sdap_options);
@@ -195,6 +197,20 @@ int ldap_get_options(TALLOC_CTX *memctx,
 dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)));
 }
 
+ pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
+ if (pwd_policy == NULL) {
+ DEBUG(1, ("Missing password policy, this may not happen.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
+ strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
+ strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
+ DEBUG(1, ("Unsupported password policy [%s].\n", pwd_policy));
+ ret = EINVAL;
+ goto done;
+ }
+
 /* schema type */
 schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
 if (strcasecmp(schema, "rfc2307") == 0) {
-- cgit
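Review bot: The default of the new `ldap_pwd_policy` entry is spelled as the bare literal `{ "none" }`, while the validation added to ldap_get_options compares against `PWD_POL_OPT_NONE`. If that macro expands to a string literal (its definition is not part of this diff), `{ PWD_POL_OPT_NONE }` would keep the default and the accepted set from drifting apart. The entry is appended to default_basic_opts and is looked up through `SDAP_PWD_POLICY`, so the table order has to match the index definitions, which live outside this file; a short comment such as `/* order must match the SDAP_* option indices */` would record that. The table starts above the hunk.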
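Review bot: The new check in ldap_get_options accepts the three policy names case-insensitively but leaves the configured string unchanged, so every later reader of `SDAP_PWD_POLICY` has to compare with `strcasecmp` too. A consumer that compares exactly would treat an accepted but differently-cased value as no match and could skip the password-expiry checks without any error. Those consumers are outside this diff, so this may already hold; a comment here such as `/* matched case-insensitively; readers of SDAP_PWD_POLICY must use strcasecmp() too */` would make the contract explicit. The debug text `this may not happen` presumably means `this must not happen`. ldap_get_options starts and ends outside the hunk, so the `done:` cleanup of `opts` on the two new EINVAL paths cannot be confirmed from here.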