summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap_access.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 3ef45b717..14ec34508 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -741,6 +741,21 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
DEBUG(SSSDBG_CRIT_FAILURE,
"sdap_account_expired_rhds failed.\n");
}
+
+ if (ret == EOK &&
+ strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "IPA access control succeeded, checking AD "
+ "access control\n");
+ ret = sdap_account_expired_ad(pd, user_entry);
+ if (ret == ERR_ACCOUNT_EXPIRED || ret == ERR_ACCESS_DENIED) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sdap_account_expired_ad: %s.\n", sss_strerror(ret));
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sdap_account_expired_ad failed.\n");
+ }
+ }
} else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) {
ret = sdap_account_expired_nds(pd, user_entry);
if (ret == ERR_ACCESS_DENIED) {
generated by cgit (git 2.34.1) at 2024-07-07 12:25:18 +0000