On Fri, Feb 15, 2013 at 02:28:50PM +0530, Rajnesh Kumar Siwal wrote:
We have an attribute pwdAccountLockedTime in OpenLDAP that is
responsible for for locking a User account.
I am not able to figure out how sssd honours it.
The attribute is part of the server side password policies
(
http://tools.ietf.org/html/draft-behera-ldap-password-policy-10). It
will be managed by the OpenLDAP server and the lockout is also enforced
by the OpenLDAP server, i.e. bind requests will be rejected. See 'man
slapo-ppolicy'
(
http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&sektion=...)
for details.
Since all is happening on the server side there is no need for SSSD to
be aware of this attribute.
HTH
bye,
Sumit
--
Regards,
Rajnesh Kumar Siwal
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel