Re: Is there a way to set a preference on entries with multiple userPassword attributes?
- To: Clément Oudot <clement.oudot@worteks.com>
- Subject: Re: Is there a way to set a preference on entries with multiple userPassword attributes?
- From: Jeremy Diaz <jeremy.diaz@rexconsulting.net>
- Date: Tue, 3 Dec 2019 05:56:28 -0800 (PST)
- Cc: openldap-technical <openldap-technical@openldap.org>
- In-reply-to: <100cc4777b03c2a5d0d5eef09c271b80@worteks.com>
- References: <576393619.178284.1574282433395.JavaMail.zimbra@rexconsulting.net> <100cc4777b03c2a5d0d5eef09c271b80@worteks.com>
Hi Clement,
Thanks for the response. It's an issue because there are certain accounts we want to auth directly with ldap since using sasl is much slower. However, with our current setup they are all going through sasl first.
Is ldap unable to assign a priority to a password entry?
Thanks,
Jeremy
----- Original Message -----
From: "Clément Oudot" <clement.oudot@worteks.com>
To: "Jeremy Diaz" <jeremy.diaz@rexconsulting.net>
Cc: "openldap-technical" <openldap-technical@openldap.org>
Sent: Tuesday, November 26, 2019 9:20:25 AM
Subject: Re: Is there a way to set a preference on entries with multiple userPassword attributes?
On 2019-11-20 21:40, Jeremy Diaz wrote:
> Hello,
>
> Currently I have ldap entries with 2 userPassword attributes. One is a
> regular SHA password while the other one delegates to sasl. However this
> results in all entries binding through sasl rather than locally. I need
> some entries to default to sasl and other entries to default to SHA but
> still failover to the other password entry. Is this possible through
> openldap?
Hello Jeremy,
I have done some tests. I confirm that you can have 2 userPassword
values, one SASL and the other regular. When you BIND with a password,
it seems all values are tested, and if one matches, then the BIND is
successful. I don't see how you can select an order in the passwords.
But why is it a problem? With this setup, you can use SASL or regular
password for an entry, and the failback will work.
--
Clément Oudot
Worteks - https://www.worteks.com
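
A small model of the behaviour described in the reply above (every userPassword value is tried and any match makes the BIND succeed), added here as an illustration; it is not code from the thread or from OpenLDAP. It assumes values are tried in list order, which the thread does not establish for slapd, and `stub_sasl`, `SASL_DB` and the `jdoe@EXAMPLE.COM` identity are constructed sample data.

```python
import base64
import hashlib
import hmac

def make_sha(password: str) -> str:
    """Build a {SHA} userPassword value: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def check_value(stored: str, password: str, sasl_verify) -> bool:
    """Verify one userPassword value against the presented password."""
    if stored.startswith("{SASL}"):
        # Pass-through value: it names an identity and the check is delegated.
        return sasl_verify(stored[len("{SASL}"):], password)
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(stored.encode(), make_sha(password).encode())
    return False  # scheme not handled by this model

def simple_bind(values, password, sasl_verify):
    """Any-match check: return (ok, schemes tried, in the order tried)."""
    tried = []
    for stored in values:  # assumption: list order is evaluation order
        tried.append(stored.split("}", 1)[0] + "}")
        if check_value(stored, password, sasl_verify):
            return True, tried
    return False, tried

# Constructed sample data: a stub standing in for the slow SASL backend.
SASL_DB = {"jdoe@EXAMPLE.COM": "directory-pw"}

def stub_sasl(identity: str, password: str) -> bool:
    expected = SASL_DB.get(identity, "")
    return hmac.compare_digest(expected.encode(), password.encode())

# Constructed entry with two userPassword values, SASL listed first.
ENTRY = ["{SASL}jdoe@EXAMPLE.COM", make_sha("local-pw")]

if __name__ == "__main__":
    for pw in ("local-pw", "directory-pw", "wrong"):
        print(pw, simple_bind(ENTRY, pw, stub_sasl))
    # Same entry with the local hash first: the delegated check is skipped.
    print("reversed", simple_bind(ENTRY[::-1], "local-pw", stub_sasl))
```

In this model either password authenticates the entry, and the only effect of ordering is whether the delegated check runs before the local hash is compared.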