On 2019-11-20 21:40, Jeremy Diaz wrote:
Hello,
Currently I have LDAP entries with 2 userPassword attributes. One is a regular SHA password while the other one delegates to SASL. However, this results in all entries binding through SASL rather than locally. I need some entries to default to SASL and other entries to default to SHA but still fail over to the other password entry. Is this possible through OpenLDAP?
Hello Jeremy,
I have done some tests. I confirm that you can have 2 userPassword values, one SASL and the other regular. When you BIND with a password, it seems all values are tested, and if one matches, then the BIND is successful. I don't see how you can select an order in the passwords.
But why is it a problem? With this setup, you can use SASL or regular password for an entry, and the failback will work.
-- Clément Oudot
Worteks - https://www.worteks.com
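The bind behaviour described in the reply above, as a simplified Python model added here for illustration (not part of the original thread and not OpenLDAP's code). The function names, the dictionary standing in for the SASL backend, and the sample entry are all assumptions.

```python
import base64
import hashlib
import hmac


def scheme_of(stored):
    """Return the '{SCHEME}' prefix of a userPassword value, or '' if none."""
    end = stored.find("}")
    return stored[: end + 1] if stored.startswith("{") and end > 0 else ""


def check_value(stored, password, sasl_check):
    """Verify the presented password against ONE userPassword value."""
    scheme = scheme_of(stored)
    rest = stored[len(scheme):]
    if scheme == "{SASL}":
        # Delegated: the remainder is the identity passed to the SASL backend.
        return sasl_check(rest, password)
    if scheme == "{SHA}":
        digest = hashlib.sha1(password.encode()).digest()
        return hmac.compare_digest(digest, base64.b64decode(rest))
    return False  # other schemes are outside this model


def simple_bind(values, password, sasl_check):
    """Try every value; any match succeeds. Returns (ok, schemes tried)."""
    tried = []
    for stored in values:
        tried.append(scheme_of(stored))
        if check_value(stored, password, sasl_check):
            return True, tried
    return False, tried


def make_sha(password):
    """Build a '{SHA}' value the way the unsalted SHA-1 scheme encodes it."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


# Constructed sample data: a stub SASL backend and an entry with both values.
SASL_BACKEND = {"jdoe@EXAMPLE.COM": "central-pw"}


def fake_saslauthd(identity, password):
    return SASL_BACKEND.get(identity) == password


ENTRY = ["{SASL}jdoe@EXAMPLE.COM", make_sha("local-pw")]
```

Reordering the values changes only which check runs first, not which passwords are accepted: either credential binds the entry.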