Blame SOURCES/0027-RHEL-specific-document-the-ppolicy-option-default.patch

09a3f6
diff -up nss-pam-ldapd-0.8.13/man/nslcd.conf.5.ppolicy_option_default nss-pam-ldapd-0.8.13/man/nslcd.conf.5
09a3f6
--- nss-pam-ldapd-0.8.13/man/nslcd.conf.5.ppolicy_option_default	2019-09-17 09:53:26.723676439 +0200
09a3f6
+++ nss-pam-ldapd-0.8.13/man/nslcd.conf.5	2019-09-17 09:59:44.182750835 +0200
09a3f6
@@ -360,6 +360,14 @@ vulnerabilities which allow denial of se
09a3f6
 The default is to perform case-sensitve filtering of LDAP search
09a3f6
 results for the above maps.
09a3f6
 .TP 
09a3f6
+\*(T<\fBpam_authc_ppolicy\fR\*(T> yes|no
09a3f6
+This option specifies whether password policy controls are requested
09a3f6
+and handled from the LDAP server when performing user authentication.
09a3f6
+
09a3f6
+By default the controls are only requested and handled if this option
09a3f6
+is selected. This differs from the upstream default in order to retain
09a3f6
+backwards compatibility with previous RHEL-7 releases.
09a3f6
+.TP 
09a3f6
 \*(T<\fBpam_authz_search\fR\*(T> \fIFILTER\fR
09a3f6
 This option allows flexible fine tuning of the authorisation check that
09a3f6
 should be performed. The search filter specified is executed and