Re: Multiple userPassword attributes for one single leaf

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

slapd(8) should check the asserted password against each
value of userPassword.

Kurt

At 01:36 PM 12/8/2005, Christophe Gravier wrote:
>Hello,
>
>I am sorry if it has already covered by I hadn't find any information about my question in ml archive.
>
>I want to be able to offer the possibility to my users to have 2 different userPassword attributes: one for rich application client authentification (the one that already exist actually) and another for authentification from phones.
>(I want it easier to enter one's password from a cellular, just like a pin or something ...)
>
>I know userPassword is a multiple attribute field (it has been covered in a previous thread).
>But !
>
>On my OpenLdap instance (Debian etch testing, slapd -V gives me : OpenLDAP: slapd 2.2.26 (Oct 31 2005 09:10:53).
>
>let's say I have a userPassword filed values pass1 and another set to pass2 (SHA-2 hash).
>
>I'm only able to get authentificated against one single password, in fact the last edited.
>If I set userPassword to pass1 then the other attribute userPassword to pass2, then only authentification with pass2 works. Consequently, if I set pass2 for one userPassword attribute then pass1 for the other userPassword attribute, only authentification with pass1 works.
>
>Is there any configuration I should set to get userPassword authentification against one or the other userPassword ? Did I missed something in the manual or slapd.conf ? (I didn't find something regarding this particular issue).
>
>Thanks in advance,
>
>Best Regards,
>
>-- 
>Christophe Gravier
>Laboratoire DIOM, groupe SATIn - Doctorant
>ISTASE - Ingénieur d'études
>Perso: http://perso.univ-st-etienne.fr/gravchri/
>SATIn: http://www.istase.com/satin
>Tel : 04 7748 5034
>A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html