Operating System - HP-UX

ldapclientd and userpassword attribute

 
Brandon Poyner

We're using an application (unidata 7.1) which appears to be authenticating the end user by doing a getpwnam system call and checking the user password itself (fwiw, unidata 7.2 will add PAM support when it comes out later this year).

Our problem is that the default configuration of the ldapux client is to return NULL for the userpassword attribute. I've set up a proxy user for the ldapux client and permitted it to return the actual userpassword attribute through an ACI and removing the "attributemap: passwd:userpassword=*NULL*" entry in ldapux_profile.ldif.

But now any user on the system can get at the userpassword attribute for all users (like a non-shadow system). Is there any means to restrict which system users can get the actual userpassword LDAP attribute, to make it behave more like a shadowed system?

Thanks,
Brandon
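
A check for the exposure described in the post, as an added example that is not part of the original thread: it scans passwd-format entries, as an unprivileged caller would receive them from the name service, for real hashes in the password field, and tests whether a profile still carries the `*NULL*` mapping quoted above. The function names and all sample data are constructed for illustration.

```python
import re

# A value that looks like a real hash rather than a placeholder: traditional
# 13-character DES crypt or modular crypt ("$id$salt$hash"), optionally with
# the "{crypt}" scheme prefix used in LDAP userPassword values.
HASH_RE = re.compile(r"^(\{crypt\})?([./0-9A-Za-z]{13}|\$[0-9a-z]+\$.+)$", re.IGNORECASE)

# The mapping line quoted in the post (from ldapux_profile.ldif).
NULL_MAP_RE = re.compile(
    r"^attributemap:\s*passwd:userpassword=\*NULL\*\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def exposed_accounts(passwd_lines):
    """Return login names whose password field (field 2) holds a hash."""
    exposed = []
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # not a complete passwd entry
        if HASH_RE.match(fields[1]):
            exposed.append(fields[0])
    return exposed

def null_mapping_present(profile_text):
    """True if the profile still hides userpassword behind *NULL*."""
    return bool(NULL_MAP_RE.search(profile_text))

# Constructed sample entries; the hash strings are made up.
SAMPLE_PASSWD = [
    "root:*:0:3::/:/sbin/sh",
    "alice:{crypt}abJnggxhB/yWI:1001:20:Alice:/home/alice:/usr/bin/sh",
    "bob:$6$Zq1xSalt$Qm9iQ29uc3RydWN0ZWRIYXNo:1002:20:Bob:/home/bob:/usr/bin/sh",
    "carol:x:1003:20:Carol:/home/carol:/usr/bin/sh",
]
# Constructed profile fragments: default mapping, and with the mapping removed.
PROFILE_DEFAULT = "cn: ldapuxprofile\nattributemap: passwd:userpassword=*NULL*\n"
PROFILE_MODIFIED = "cn: ldapuxprofile\n"

if __name__ == "__main__":
    print("accounts with a readable hash:", exposed_accounts(SAMPLE_PASSWD))
    print("NULL mapping in default profile:", null_mapping_present(PROFILE_DEFAULT))
    print("NULL mapping in modified profile:", null_mapping_present(PROFILE_MODIFIED))
```

Running the entry check as an ordinary, non-root user against the live passwd data shows what every local account can read.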