| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/sssd/ticket/978
|
| |
|
|
|
|
| |
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
| |
The attribute nsAccountLock is used by RHDS, IPA and other directory
servers to indicate that the account is locked.
|
|
|
|
|
|
| |
The second bit of userAccountControl is used to determine if the account
is enabled or disabled. accountExpires is checked to see if the account
is expired.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/670
|
|
|
|
|
|
| |
Over the time a couple of new config options didn't made it into the
config API files. This patch updates the files and removes some
duplications.
|
|
|
|
| |
Otherwise fallback to the default modifyTimestamp indicator
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two new options are added to the LDAP access provider to allow a broader
range of access control rules to be evaluated.
'ldap_access_order' makes it possible to run more than one rule. To keep
compatibility with older versions the default is 'filter'. This patch
adds a new rule 'expire'.
'ldap_account_expire_policy' specifies which LDAP attribute should be
used to determine if an account is expired or not. Currently only
'shadow' is supported which evaluates the ldap_user_shadow_expire
attribute.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
For the time being, if krb5_server is not found, still falls back to
krb5_kdcip with a warning. If both options are present in config file,
krb5_server has a higher priority.
Fixes: #543
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.
Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
|
|
|
|
|
|
|
|
| |
* add forgotten ldap_dns_service option
* sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir)
* ldap_uri is no longer mandatory for LDAP provider - the default is to
use service discovery with no address set now. Ditto for krb5_kdcip
and ipa_server
|
| |
|
|
Also update BUILD.txt
|