Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1099290
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
1. Proposed title of this feature request Be able to configure sssd to honor openldap account lock to restrict access via ssh key 2. Who is the customer behind the request? 3. What is the nature and description of the request? Currently if a system uses openldap for its authentication database and sssd to handle client sessions, if a user is locked for any reason in openldap the user can still authenticate into the system with an ssh key. The existing ppolicy overlay doesn't account for this. sssd should be able to take an ldap key as a config parameter and use that to deny any access if the account is locked in the ldap database, no matter the authentication method. Specifically, we need support for the following: *pwdAccountLockedTime* This attribute contains the time that the user's account was locked. If the account has been locked, the password may no longer be used to authenticate the user to the directory. If*pwdAccountLockedTime* is set to *000001010000Z*, the user's account has been permanently locked and may only be unlocked by an administrator. Note that account locking only takes effect when the *pwdLockout* password policy attribute is set to "*TRUE*".
Requested by RHEL-6, moving to 1.11.7
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => milestone: NEEDS_TRIAGE => SSSD 1.11.7 review: True => 0 selected: => testsupdated: => 0
Fields changed
owner: somebody => preichl
patch: 0 => 1
resolution: => fixed status: new => closed
master branch commit: 2a91d3d
mark: => 0
Metadata Update from @jhrozek: - Issue assigned to preichl - Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3406
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.