--- contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h	2013-03-28 11:41:51.000000000 -0400
+++ contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h	2012-07-08 04:34:12.000000000 -0400
@@ -71,6 +71,16 @@
    1.0 release of nss-pam-ldapd is made. */
 #define NSLCD_VERSION 1
 
+/* Get a NSLCD configuration option. There is one request parameter:
+    INT32   NSLCD_CONFIG_*
+  the result value is:
+    STRING  value, interpretation depending on request */
+#define NSLCD_ACTION_CONFIG_GET        20006
+
+/* return the message, if any, that is presented to the user when password
+   modification through PAM is prohibited */
+#define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE  852
+
 /* Email alias (/etc/aliases) NSS requests. The result values for a
    single entry are:
      STRING      alias name
@@ -249,8 +262,10 @@
 #define NSLCD_PAM_NEW_AUTHTOK_REQD   12 /* Password expired */
 #define NSLCD_PAM_ACCT_EXPIRED       13 /* Account expired */
 #define NSLCD_PAM_SESSION_ERR        14 /* Cannot make/remove session record */
+#define NSLCD_PAM_AUTHTOK_ERR        20 /* Authentication token manipulation error */
 #define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
 #define NSLCD_PAM_IGNORE             25 /* Ignore module */
 #define NSLCD_PAM_ABORT              26 /* Fatal error */
+#define NSLCD_PAM_AUTHTOK_EXPIRED    27 /* authentication token has expired */
 
 #endif /* not _NSLCD_H */