[Pkg-openldap-devel] Bug#746727: cn=config olcPasswordHash and contrib passwd modules
Ryan Tandy
ryan at nardis.ca
Fri Jun 27 05:24:17 UTC 2014
Quanah noticed, and mentioned to me in IRC, that if you are using
cn=config and you set olcPasswordHash to a scheme provided by a module,
then slapd won't start, because it processes the global cn=config before
diving into the cn=module subtree(s). (It does work if you use
slapd.conf and specify moduleload before password-hash.)
I think this doesn't affect pw-netscape and pw-apr1 too badly, since
they are meant for importing existing hashes and shouldn't be used as
the scheme for new users; but users of pw-sha2 and pw-pbkdf2 are likely
to hit this.
I had already added pw-sha2 in git; I'm going to leave it as is for the
moment, pending reaction from upstream, but this should be considered
before uploading that.
thanks,
Ryan
More information about the Pkg-openldap-devel
mailing list