#3954 SSSD Account Locked warning
Closed: cloned-to-github 3 years ago by pbrezina. Opened 5 years ago by izzetaydin.

Hello everyone,

I noticed sssd displays account locked info only when integrated with AD.

I've done some research and found that if I edit src/providers/ldap/sdap_async_connection.c like the patch above, LDAP also shows account locked info.

/ ==Connect-to-LDAP-Server=============================================== /

@@ -789,6 +790,11 @@ static void simple_bind_done(struct sdap_op *op,
"Password Policy Response: expire [%d] grace [%d] "
"error [%s].\n", pp_expire, pp_grace,
ldap_passwordpolicy_err2txt(pp_error));
+ if(strstr(ldap_passwordpolicy_err2txt(pp_error),"Account locked"))
+ {
+ syslog(LOG_ERR,"Error detected: %s",ldap_passwordpolicy_err2txt(pp_error));
+ ret = ERR_ACCOUNT_LOCKED;
+ }
if (!state->ppolicy)
state->ppolicy = talloc_zero(state,
struct sdap_ppolicy_data);
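
Review bot: the added `strstr(ldap_passwordpolicy_err2txt(pp_error),"Account locked")` test matches on the human-readable description, so it silently stops working if the library's wording changes. `pp_error` is already the decoded password policy error code, so compare it directly, for example `if (pp_error == PP_accountLocked)` with the enum value from OpenLDAP's ldap.h. The direct `syslog(LOG_ERR, ...)` call also bypasses the debug logging used for the "Password Policy Response" message just above it; log through the same facility so the message follows the configured debug level. Since `ret = ERR_ACCOUNT_LOCKED` is set before the `state->ppolicy` allocation that follows, confirm that nothing later in the function overwrites `ret` before it is returned.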


Hi,

thank you for the suggestion. It would be a good idea to add the warning for LDAP password policies as well. But I think comparing with a string might not be the most reliable way to detect the locked state. I'll check the related documents for LDAP password policies to see if there is a better way.

bye,
Sumit

Hello Sumit,

I understand your concern about string comparison, but I couldn't find a suitable way. I am sure you will find a better way.

Thanks in advance,
izzet

Metadata Update from @pbrezina:
- Issue tagged with: Future milestone, New hire task

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4928

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago
