Operating System - HP-UX

1833012 Members

3030 Online

110048 Solutions

ldapclientd and userpassword attribute

We're using an application (unidata 7.1) which appears to be authenticating the end user by doing a getpwnam system call and checking the user password itself (fwiw, unidata 7.2 will add PAM support when it comes out later this year).

Our problem is that the default configuration of the ldapux client is to return NULL for the userpassword attribute. I've set up a proxy user for the ldapux client and permitted it to return the actual userpassword attribute through an ACI and removing the "attributemap: passwd:userpassword=*NULL*" entry in ldapux_profile.ldif.

But now any user on the system can get at the userpassword attribute for all users (like a non-shadow system). Is there any means to restrict which system users can get the actual userpassword LDAP attribute, to make it behave more like a shadowed system?

Thanks,
Brandon

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

ldapclientd and userpassword attribute

ldapclientd and userpassword attribute