From af81aaa57f82eab78647113c391bd84247f96150 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 16 Feb 2010 14:11:00 +0100 Subject: Better cleanup task handling Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391 --- src/providers/ipa/ipa_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/providers/ipa/ipa_common.c') diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 7686227a5..92da9d170 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -64,7 +64,8 @@ struct dp_option ipa_def_ldap_opts[] = { /* use the same parm name as the krb5 module so we set it only once */ { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }, - { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE } + { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER } }; struct sdap_attr_map ipa_attr_map[] = { -- cgit