From 22f4c1b86dcf5589e63f2ae043dc65a8f72f6f18 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 21 Dec 2010 13:30:33 +0100 Subject: Add LDAP expire policy based on AD attributes The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired. --- src/providers/ldap/sdap_access.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/providers/ldap/sdap_access.h') diff --git a/src/providers/ldap/sdap_access.h b/src/providers/ldap/sdap_access.h index 66193a6dd..28c857f61 100644 --- a/src/providers/ldap/sdap_access.h +++ b/src/providers/ldap/sdap_access.h @@ -34,6 +34,7 @@ #define LDAP_ACCESS_SERVICE_NAME "authorized_service" #define LDAP_ACCOUNT_EXPIRE_SHADOW "shadow" +#define LDAP_ACCOUNT_EXPIRE_AD "ad" enum ldap_access_rule { LDAP_ACCESS_EMPTY = -1, -- cgit