April 10, 2019 at 4:58 pm #25505 someswara.reddy.karem (Participant)
Customers’ passwords are stored in OpenDJ’s userPassword attribute, and customers’ passcodes (6 digits) will be stored in the “passcode” attribute (a new custom attribute added to OpenDJ).
All customers will be under the below base dn:
dc=users, dc=company, dc=platform
And we have defined password and passcode policies accordingly.
1) How to enable password and passcode policies in OpenDJ appropriately for the userPassword and passcode attributes?
We would also want to hash (SSHA-512) passcode values, like userPassword.
As far as I know, we can apply password policies based on server and/or sub-entry. But in our scenario, all users are under the same base dn and we want to apply policies for the userPassword and passcode attributes correspondingly. Is this possible at all?
It would be appreciated if you could provide any guidance on this. Thanks.
April 10, 2019 at 5:23 pm #25506 Ludo (Moderator)
Unfortunately, there can only be a single password policy that applies to an entry (the pwdPolicySubentry operational attribute that indicates which password policy applies to the entry is single-valued).
The password policy was designed taking into consideration that there is a single password to authenticate a user (there is state associated that needs to be maintained in the entry).
April 16, 2019 at 11:11 am #25607 someswara.reddy.karem (Participant)
Thanks Ludo for your response.
With this limitation, we are trying to implement the below changes to meet requirements:
1) Apply the password policy to the userPassword attribute only; however, create a custom passcode attribute to store hashed passcode values (Salted SHA-512), and we don’t apply a passcode policy in OpenDJ, instead implementing validations in the application layer.
Our challenge: is it possible to configure the passcode attribute to store hashed values without creating a password policy? Is there any way to configure the passcode attribute to store hashed values (like the userPassword attribute)?
And if we store hashed passcode values in the passcode attribute in OpenDJ, can we log in using username and passcode? If yes, what are the changes we need to implement in OpenAM trees/nodes?
Thanks for your time and support.