From d73fcc5183a676aed4fd040714b87274248b784c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 22 Dec 2010 18:25:45 +0100 Subject: Add LDAP expire policy base RHDS/IPA attribute The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked. --- src/man/sssd-ldap.5.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'src/man') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 65c679d6..b133b3bc 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -463,6 +463,20 @@ + + ldap_ns_account_lock (string) + + + When using ldap_account_expire_policy=rhds or + equivalent, this parameter determines if access is + allowed or not. + + + Default: nsAccountLock + + + + ldap_user_principal (string) @@ -1162,6 +1176,12 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com attribute is missing access is granted. Also the expiration time of the account is checked. + + rhds, ipa, + 389ds: + use the value of ldap_ns_account_lock to check if + access is allowed or not. + Default: Empty -- cgit