What i did is that: With each user (Uid) , i created multiple "userpassword attribute" values,
then, while authenticating, OpenLDAP will compare the input password with all the created password values --one by one If the input matched any one of the created pass => Access - Accept I also know that my scenario is somehow strange and not good, but it is really what i need! My policy is : with 1 user, just sends one pass in the "password pool" for his authentication becoming successfully (Access - Accept) Regards! Vào 22:31 Ngày 18 tháng 11 năm 2011, John Dennis <jden...@redhat.com> đã viết: On 11/18/2011 06:20 AM, Duong Manh Truong wrote: > >> Hi, >> Thanks for your reply :) >> >> I have a better news that: By using OpenLDAP for FR Authen & Authorization >> => I can configure multiple passwords for each user (Uid) >> and use 1 of those passwords for successfully Authentication! >> >> Although it is done manually now, but somehow it solves the matter ! >> >> If anyone have experienced this, please give some advices ! >> Example: How to do it automatically or >> How to create a pool of passwords then use the pool for multiple users :) >> > > Not exactly sure what you did, ldap does have the concept of multi-valued > attributes but that won't be of any use to you even if you set multiple > values for one attribute type (e.g. name). Why? The radius server can only > use one password for a user, not exactly sure what it will do if it get > more than one back from ldap, I assume it just picks the first one (where > first is probably non-deterministic). > > The bottom line is there must be a one-to-one mapping between users and > passwords. User's should have just one password, this is good practice. If > you want to write custom code you can bypass the limitation but really > really don't want to do that. > > Accept it as a given, 1 user, 1 password > > Also please be courteous and trim your emails of non-relevant text. > > -- > John Dennis <jden...@redhat.com> > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html