Hello,
Le 13/03/2021 à 00:11, Howard Chu a écrit :
Michael Ströder wrote:
On 3/12/21 5:20 PM, Benjamin Renard wrote:
In one of my OpenLDAP installation, I'm start using Ppolicy overlay and it's doesn't allow me to store multiple passwords in userPassword attribute as possible in regular situation.
What's your use-case? Up to now 100% of the concepts I saw relying on multiple user password were seriously flawed.
I'm looking for a solution that allowing me to keep using Ppolicy and have possibility to store an alternative user password (usually used by admins).
As Michael correctly points out, this is an incredibly bad approach.
Also, in LDAP it is fundamentally wrong. Instead, you should create
dedicated
admin accounts, and if you want to let them impersonate other
specific users,
give them AuthzTo privileges for use with proxy authorization.Thank
you for this idea that could solve my needs for LDAP only access, but I looking for a solution that could works with other services taht using LDAP directory as user accounts provider (a IMAP server for instance).
Can you confirm me that the name of the userPassword password is hard-coded in OpenLDAP and there is no configuration parameter to change/configure it ?
Regards,