On 2019-11-20 21:40, Jeremy Diaz wrote:
Hello,

Currently I have ldap entries with 2 userPassword attributes. One is a regular SHA password while the other one delegates to sasl. However this results in all entries binding through sasl rather than locally. I need some entries to default to sasl and other entries to default to SHA but still failover to the other password entry. Is this possible through openldap?
Hello Jeremy,

I have done some tests. I confirm that you can have 2 userPassword values, one SASL and the other regular. When you BIND with a password, it seems all values are tested, and if one matches, then the BIND is successful. I don't see how you can select an order in the passwords.
But why is it a problem? With this setup, you can use SASL or a regular password for an entry, and the failback will work.
-- Clément Oudot Worteks - https://www.worteks.com
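
A small Python model of the behaviour described in the reply above, added here as an illustration (it is not OpenLDAP code and does not come from either poster): every userPassword value is tried, and any single match makes the bind succeed, so the order of the values does not select a "default". The `{SASL}` check is a stand-in callable, and the entry, identity, passwords and function names are constructed for the example.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_value(stored: str, presented: bytes, sasl_verify) -> bool:
    """Check one userPassword value against the presented password."""
    scheme, _, rest = stored.partition("}")
    scheme = scheme.upper() + "}"
    if scheme == "{SSHA}":
        raw = base64.b64decode(rest)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
        candidate = hashlib.sha1(presented + salt).digest()
        return hmac.compare_digest(candidate, digest)
    if scheme == "{SASL}":
        # Pass-through: the value only names an identity; an external
        # service (modelled by sasl_verify) decides whether it matches.
        return sasl_verify(rest, presented)
    return False  # other schemes are outside this model

def simple_bind(values, presented: bytes, sasl_verify):
    """Return the scheme of the first value that matches, else None."""
    for stored in values:
        if check_value(stored, presented, sasl_verify):
            return stored.partition("}")[0].upper() + "}"
    return None

# Constructed sample data: a fake SASL backend and one entry holding
# both a local {SSHA} value and a {SASL} pass-through value.
SASL_BACKEND = {"jdoe@EXAMPLE.ORG": b"central-pw"}

def fake_sasl(identity: str, password: bytes) -> bool:
    known = SASL_BACKEND.get(identity)
    return known is not None and hmac.compare_digest(known, password)

ENTRY = [make_ssha(b"local-pw", b"saltsalt"), "{SASL}jdoe@EXAMPLE.ORG"]

if __name__ == "__main__":
    for pw in (b"local-pw", b"central-pw", b"wrong"):
        for values in (ENTRY, ENTRY[::-1]):
            print(pw, "->", simple_bind(values, pw, fake_sasl))
```

In this model either credential authenticates the entry regardless of value order, so the entry is only as strong as the weaker of the two passwords.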