Re: Multiple passwords. Configurable bind attribute. Etc..
"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:

> At present, slapd(8) itself will only use userPassword to
> verify the directory user's password.

Would it be possible, using slapo-rwm, to rewrite userPassword to
another attribute in the database, or have I misunderstood what
slapo-rwm can do?

> Applications, of course, may or may not use userPassword to verify
> application user passwords. See the documentation for particular
> applications to see what their capabilities are.

Of course. In this case I'd like to use the PADL pam_ldap/nss_ldap,
to authenticate users in a Linux environment. pam_ldap authenticates
by doing a bind, so the most ideal solution would be if I could
configure slapd to verify the directory user's password against
another attribute than userPassword.

Hmm.. it might be possible to configure nss_ldap to provide a shadow
map with info from OpenLDAP. I'll have to look into that. Still, a
solution where it binds to the slapd the normal way is probably
preferable. For example, I'd like to use the password policy
overlays.

Is there a way to translate an attribute name on a master slapd to
another attribute name on a replica? Or can it perhaps be done using
LDAP Sync replication?

Btw, I have to admit I'm a bit confused by this "LDAP Sync
Replication" compared to "slurpd replication". I understand how the
latter works, and I think I understand how the former works, but what
are the advantages/disadvantages of the two models? What different
problems do they solve?

Thanks,
\EF
--
Erik Forsberg http://www.lysator.liu.se/~forsberg/
GPG/PGP Key: 1024D/0BAC89D9