
Re: Multiple userPasswords entries & resetting one value



On 05/01/14 21:36 -0400, Michael wrote:
> I have a user with a SSHA userPassword value as well as a SASL
> userPassword entry. The SASL entry will never change but I'd like to be
> able to reset and age the SSHA entry only. Is this aging of only one value
> possible with ppolicy and is it possible to handle manual resets with
> ldappasswd and/or utilizing an LDIF file?

By SASL userPassword entry, do you mean a cleartext value, or a
{SASL}user@domain.com pass-through entry? I'll assume cleartext.

Try setting olcPasswordHash to {SSHA} only. slapd may (or may
not) leave the cleartext userPassword entry alone. I haven't used that
case.

A more straightforward approach would be to store your SASL authentication
material in another SASL auxprop plugin (sasldb or sql) and set
olcSaslAuxprops appropriately.

--
Dan White