Thanks Dan. I will give this a try.
-Mike > Date: Fri, 2 May 2014 09:05:32 -0500 > From: [email protected] > To: [email protected] > Subject: Re: Multiple userPasswords entries & resetting one value > CC: [email protected] > > On 05/01/14 21:36 -0400, Michael wrote: > >I have a user with a SSHA userPassword value as well as a SASL > >userPassword entry. The SASL entry will never change but I'd like to be > >able to reset and age the SSHA entry only. Is this aging of only one value > >possible with ppolicy and is it possible to handle manual resets with > >ldappasswd and/or utilizing an LDIF file? > > By SASL userPassword entry, do you mean a cleartext value, or a > {SASL}[email protected] pass-through entry? I'll assume cleartext. > > Try setting olcPasswordHash to {SSHA} only. slapd may (or may > not) leave the cleartext userPassword entry alone. I haven't used that > case. > > A more straight forward approach would be to store your sasl authentication > material in another sasl auxprop plugin (sasldb or sql) and set > olcSaslAuxprops appropriately. > > -- > Dan White >
