[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple userPassword attributes for one single leaf



At 05:55 PM 12/8/2005, Christophe Gravier wrote:
>Kurt D. Zeilenga wrote:
>
>>slapd(8) should check the asserted password against each
>>value of userPassword.
>>
>> 
>It seems it is not true :-(
>
>With more tests, it seems it authentificate against a random pick between the two userPassword (not forcely always the last updated)

Well, I suggest that you document a method to duplicate
the problem using only OpenLDAP Software (e.g., slapd
and ldapwhoami) and then submit a bug report with this
information.  Be sure to use the latest version of
OpenLDAP Software.

Kurt


>Christophe.
>
>>Kurt
>>
>>At 01:36 PM 12/8/2005, Christophe Gravier wrote:
>> 
>>
>>>Hello,
>>>
>>>I am sorry if it has already covered by I hadn't find any information about my question in ml archive.
>>>
>>>I want to be able to offer the possibility to my users to have 2 different userPassword attributes: one for rich application client authentification (the one that already exist actually) and another for authentification from phones.
>>>(I want it easier to enter one's password from a cellular, just like a pin or something ...)
>>>
>>>I know userPassword is a multiple attribute field (it has been covered in a previous thread).
>>>But !
>>>
>>>On my OpenLdap instance (Debian etch testing, slapd -V gives me : OpenLDAP: slapd 2.2.26 (Oct 31 2005 09:10:53).
>>>
>>>let's say I have a userPassword filed values pass1 and another set to pass2 (SHA-2 hash).
>>>
>>>I'm only able to get authentificated against one single password, in fact the last edited.
>>>If I set userPassword to pass1 then the other attribute userPassword to pass2, then only authentification with pass2 works. Consequently, if I set pass2 for one userPassword attribute then pass1 for the other userPassword attribute, only authentification with pass1 works.
>>>
>>>Is there any configuration I should set to get userPassword authentification against one or the other userPassword ? Did I missed something in the manual or slapd.conf ? (I didn't find something regarding this particular issue).
>>>
>>>Thanks in advance,
>>>
>>>Best Regards,
>>>
>>>-- Christophe Gravier
>>>Laboratoire DIOM, groupe SATIn - Doctorant
>>>ISTASE - Ingénieur d'études
>>>Perso: http://perso.univ-st-etienne.fr/gravchri/
>>>SATIn: http://www.istase.com/satin
>>>Tel : 04 7748 5034
>>>A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html
>>>   
>>
>> 
>
>
>-- 
>Christophe Gravier
>Laboratoire DIOM, groupe SATIn - Doctorant
>ISTASE - Ingénieur d'études
>Perso: http://perso.univ-st-etienne.fr/gravchri/
>SATIn: http://www.istase.com/satin
>Tel : 04 7748 5034
>A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html