Hello,
attached patch deprecates lockout option in 1-12 branch.
This was discussed in thread: SDAP: Lock out ssh keys when account naturally expires
This patch implements point number 2.
>> I would prefer if we didn't add a new option as well, but since we released
>> a version that only supported the lockout and not any other semantics,
>> I don't think we can get away with just changing the functionality. A
>> minor version can break functionality. But a major version can
>>
>> So I propose the following:
>> 1) Add a new value for ldap_access_order called "ppolicy" that would
>> evaluate the pwdAccountLockedTime fully, including the new
>> functionality in this patchset
>> 2) In 1.12, deprecate the "lockout" option and log a warning that it
>> will be removed in future relase and users should migrate to "ppolicy"
>> option
>> 3) In master (1.13), remove the "lockout" ldap_access_order value
I'll send patch for point number 3 in separate thread.
Thanks!