From d73fcc5183a676aed4fd040714b87274248b784c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 22 Dec 2010 18:25:45 +0100
Subject: Add LDAP expire policy base RHDS/IPA attribute

The attribute nsAccountLock is used by RHDS, IPA and other directory
servers to indicate that the account is locked.
---
 src/config/SSSDConfig.py                 | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
 2 files changed, 2 insertions(+)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d84509c1b..aed683bd9 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -174,6 +174,7 @@ option_strings = {
     'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'),
     'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'),
     'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'),
+    'ldap_ns_account_lock' : _('nsAccountLock attribute'),
 
     'ldap_group_search_base' : _('Base DN for group lookups'),
     # not used # 'ldap_group_search_scope' : _('Scope of group lookups'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 064438316..440ebff87 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -60,6 +60,7 @@ ldap_user_authorized_service = str, None, false
 ldap_pwd_attribute = str, None, false
 ldap_user_ad_account_expires = str, None, false
 ldap_user_ad_user_account_control = str, None, false
+ldap_ns_account_lock = str, None, false
 ldap_group_search_base = str, None, false
 ldap_group_search_scope = str, None, false
 ldap_group_search_filter = str, None, false
-- 
cgit