Re: olcPasswordHash scheme not available
Mustafa A. Hashmi wrote:
> Moving towards housing configuration data within openldap, I have the
> directory working correctly and reading cn=config without any issues.
>
> However, if the password-hash {K5KEY} is specified, slapd refuses to
> start and immediately reports:
>
> olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({K5KEY})
> olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
> config error processing cn=config: <olcPasswordHash> no valid hashes found
>
> I am guessing this has to do with the order modules and configuration
> are loaded -- however, I am not at all sure.
>
> The smbk5pwd module is loaded and the hash directive works correctly
> via slapd.conf.
That sounds like a bug. In fact, {K5KEY} is loaded by smbk5pwd, so if
in slapd.conf you correctly load the module __before__ using
password-hash things work as expected. However, when the configuration
is loaded from the back-config database, modules are loaded __after__
the global entry, which contains password-hash. Apparently, checking
the value of the password-hash attribute must be deferred to __after__
loading the entire configuration. This might be true in general. I
suggest you file an ITS for this issue <http://www.openldap.org/its/>.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
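
The slapd.conf ordering rule described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of OpenLDAP: a small linter that flags `password-hash` schemes used before the module that provides them is loaded. The `MODULE_SCHEMES` map and the sample configurations are constructed for illustration; only the smbk5pwd/{K5KEY} pairing comes from the thread.

```python
import os

# Schemes built into slapd, as listed in slapd.conf(5).
BUILTIN = {"{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}", "{CLEARTEXT}"}
# Module -> schemes it registers. Assumption of this example: extend it for
# the modules you load. The smbk5pwd entry is the one named in the thread.
MODULE_SCHEMES = {"smbk5pwd": {"{K5KEY}"}}

def check_hash_order(conf_text):
    """Return (line_no, scheme, reason) for every password-hash scheme that is
    unknown to slapd at the point where slapd.conf uses it."""
    loaded_at = {}   # scheme -> line of the moduleload that provides it
    used = []        # (line_no, scheme) for every password-hash value
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment line
        words = raw.split()
        directive, args = words[0].lower(), words[1:]
        if directive == "moduleload" and args:
            # Accept "smbk5pwd", "smbk5pwd.la" or a full path to the module.
            name = os.path.basename(args[0]).split(".")[0]
            for scheme in MODULE_SCHEMES.get(name, ()):
                loaded_at.setdefault(scheme, no)
        elif directive == "password-hash":
            used += [(no, a.upper()) for a in args]
    problems = []
    for no, scheme in used:
        if scheme in BUILTIN:
            continue
        mod_line = loaded_at.get(scheme)
        if mod_line is None:
            problems.append((no, scheme, "no loaded module provides this scheme"))
        elif mod_line > no:
            problems.append(
                (no, scheme, f"providing module is loaded later, on line {mod_line}"))
    return problems

# Constructed sample: hash directive precedes the module that defines {K5KEY}.
BAD_CONF = """# global section
password-hash {K5KEY}
modulepath /usr/lib/ldap
moduleload smbk5pwd.la
"""
# Constructed sample: module is loaded first, so both schemes resolve.
GOOD_CONF = """modulepath /usr/lib/ldap
moduleload smbk5pwd.la
password-hash {K5KEY} {SSHA}
"""

if __name__ == "__main__":
    for line_no, scheme, reason in check_hash_order(BAD_CONF):
        print(f"line {line_no}: {scheme}: {reason}")
```

This covers only the slapd.conf case; under cn=config the ordering is decided by slapd itself, which is the behaviour the reply identifies as the bug.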