- add functionality to map shadowExpire from AD accountExpires attr

diff --git a/nss_ldapd.spec b/nss_ldapd.spec
index c441d4c730f8a96e6370c477b88dac2e9d21deeb..ba4fa2a18d469e66f20c6b50c9cebb88d7e53480 100644 (file)
--- a/nss_ldapd.spec
+++ b/nss_ldapd.spec
@@ -7,7 +7,7 @@ Summary(pl.UTF-8):      Moduł NSS LDAP
 Summary(pt_BR.UTF-8):  Biblioteca NSS para LDAP
 Name:          nss_ldapd
 Version:       0.9.2
-Release:       4
+Release:       4.1
 License:       LGPL v2.1+
 Group:         Base
 Source0:       http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz

diff --git a/shadowExpire-from-AD.patch b/shadowExpire-from-AD.patch
new file mode 100644 (file)
index 0000000..468fcc2
--- /dev/null
+++ b/shadowExpire-from-AD.patch
@@ -0,0 +1,25 @@
+--- nss-pam-ldapd-0.9.2/nslcd/shadow.c~        2013-12-24 23:52:54.743671978 +0100
++++ nss-pam-ldapd-0.9.2/nslcd/shadow.c 2013-12-25 12:03:02.282720882 +0100
+@@ -119,7 +119,7 @@
+   char *tmp;
+   size_t l;
+   /* do some special handling for date values on AD */
+-  if (strcasecmp(attr, "pwdLastSet") == 0)
++  if ((strcasecmp(attr, "pwdLastSet") == 0) || (strcasecmp(attr, "accountExpires") == 0))
+   {
+     /* we expect an AD 64-bit datetime value;
+        we should do date=date/864000000000-134774
+@@ -200,12 +200,12 @@
+   if (tmpvalue == NULL)
+     tmpvalue = "";
+   *lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange);
++  *expiredate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowExpire);
+   /* get other shadow properties */
+   GET_OPTIONAL_LONG(*mindays, shadowMin, -1);
+   GET_OPTIONAL_LONG(*maxdays, shadowMax, -1);
+   GET_OPTIONAL_LONG(*warndays, shadowWarning, -1);
+   GET_OPTIONAL_LONG(*inactdays, shadowInactive, -1);
+-  GET_OPTIONAL_LONG(*expiredate, shadowExpire, -1);
+   GET_OPTIONAL_LONG(*flag, shadowFlag, 0);
+   /* if we're using AD handle the flag specially */
+   if (strcasecmp(attmap_shadow_shadowLastChange, "pwdLastSet") == 0)