From af81aaa57f82eab78647113c391bd84247f96150 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 16 Feb 2010 14:11:00 +0100 Subject: Better cleanup task handling Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391 --- src/providers/ipa/ipa_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/providers/ipa/ipa_common.h') diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 60c7313f..75be55e2 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following define is used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 31 +#define IPA_OPTS_BASIC_TEST 32 enum ipa_basic_opt { IPA_DOMAIN = 0, -- cgit