From e87f92f04f297fbdb0ae916945513a67b8a63044 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Fri, 1 Aug 2014 17:04:55 +0100 Subject: MAN: options 'lockout' and 'ldap_pwdlockout_dn' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://fedorahosted.org/sssd/ticket/2364 Reviewed-by: Pavel Březina --- src/man/sssd-ldap.5.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'src') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index e8bcfd0d..eb3b8d23 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1913,6 +1913,13 @@ ldap_access_filter = (employeeType=admin) filter: use ldap_access_filter + + lockout: use account locking. + If set, this option denies access in case that ldap + attribute 'pwdAccountLockedTime' is present and has + value of '000001010000Z'. Please see the option + ldap_pwdlockout_dn. + expire: use ldap_account_expire_policy @@ -1936,6 +1943,26 @@ ldap_access_filter = (employeeType=admin) + + ldap_pwdlockout_dn (string) + + + This option specifies the DN of password policy entry + on LDAP server. Please note that absence of this + option in sssd.conf in case of enabled account + lockout checking will yield access denied as + ppolicy attributes on LDAP server cannot be checked + properly. + + + Example: cn=ppolicy,ou=policies,dc=example,dc=com + + + Default: cn=ppolicy,ou=policies,$ldap_search_base + + + + ldap_deref (string) -- cgit