
(ITS#7802) Global overlays are unusable with cn=config



Full_Name: Quanah Gibson-Mount
Version: 2.4.39
OS: Linux 3.11
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.58.125)


Global overlays (such as pw-sha2 from contrib) are unusable with cn=config. 
This is because the module is loaded after the bootstrap of cn=config.ldif.

I.e., add the module as loaded:

olcModuleLoad: {7}pw-sha2.la to dn: cn=module{0}, cn=config

In cn=config.ldif, set:

olcPasswordHash: {SSHA512}

As long as slapd is not restarted, this works, because the module gets loaded,
and then the password hash gets set with the module loaded.

If you stop slapd and restart it, slapd will fail to load because it is loading
cn=config.ldif with the olcPasswordHash set to something it doesn't recognize
because it has not yet loaded the modules:

5306a920 >>> dnPrettyNormal: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
5306a920 <<< dnPrettyNormal: <cn=config>, <cn=config>
5306a920 >>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
5306a920 <<< dnNormalize: <cn=config>
5306a920 >>> dnNormalize: <cn=config>
=> ldap_bv2dn(cn=config,0)
<= ldap_bv2dn(cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=config)=0
5306a920 <<< dnNormalize: <cn=config>
5306a920 <= str2entry(cn=config) -> 0x1dd8008
5306a920 => test_filter
5306a920     PRESENT
5306a920 => access_allowed: search access to "cn=config" "objectClass" requested
5306a920 <= root access granted
5306a920 => access_allowed: search access granted by manage(=mwrscxd)
5306a920 <= test_filter 6
5306a920 olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({SSHA512})
5306a920 olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
5306a920 config error processing cn=config: <olcPasswordHash> no valid hashes found
5306a920 send_ldap_result: conn=-1 op=0 p=0
5306a920 send_ldap_result: err=80 matched="" text=""
5306a920 slapd destroy: freeing system resources.
5306a920 slapd stopped.
5306a920 connections_destroy: nothing to destroy.
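A pre-restart check for the failure the report describes, written here as an added example (it is not part of the ITS report and not OpenLDAP code). It reads a cn=config.ldif fragment and reports every scheme named in the global olcPasswordHash that slapd cannot resolve on its own, so that a scheme supplied only by a contrib module such as pw-sha2 is caught before slapd is stopped rather than when it refuses to start. The list of built-in schemes and the pw-sha2 scheme table are my assumptions from the 2.4 slappasswd(8) and pw-sha2 documentation as I know them; the sample LDIF is constructed by concatenating the two slapd.d entries the report mentions, in the order the report says slapd processes them.

```python
"""Pre-restart check for the cn=config bootstrap failure in ITS#7802.

Added example, not OpenLDAP code: it scans a cn=config.ldif and reports
olcPasswordHash schemes that are not compiled into slapd and therefore are
unavailable when the cn=config entry is parsed, before any olcModuleLoad.
"""
import re

# Password schemes compiled into slapd itself (assumption: OpenLDAP 2.4
# defaults as listed by slappasswd(8)).
BUILTIN_SCHEMES = {"{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}", "{CLEARTEXT}"}

# Schemes that only exist once a contrib module is loaded (assumption: the
# pw-sha2 README; extend the table for other modules you ship).
MODULE_SCHEMES = {
    "pw-sha2": {"{SHA256}", "{SHA384}", "{SHA512}",
                "{SSHA256}", "{SSHA384}", "{SSHA512}"},
}

ORDER_PREFIX = re.compile(r"^\{\d+\}")  # strips the {0} in "{0}pw-sha2.la"


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, drops comments and
    returns one {attribute: [values]} dict per entry (attributes lower-cased).
    Base64 (::) values are skipped; slapd never writes the attributes
    inspected here that way."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF line folding
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # sentinel flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, val = line.partition(":")
        if val.startswith(":"):           # "attr:: base64" value
            continue
        cur.setdefault(attr.strip().lower(), []).append(val.strip())
    return entries


def check_password_hash(ldif_text):
    """Return {'findings': [(scheme, verdict), ...], 'fatal': bool}.

    verdict is 'builtin', 'unknown', 'module:<name>:loaded' (an olcModuleLoad
    for it exists, but per the report that happens after cn=config is parsed)
    or 'module:<name>:missing'. 'fatal' is set when an olcPasswordHash value
    on cn=config contains no built-in scheme at all, which is the situation
    in the report's log ("no valid hashes found"); treating a mix of built-in
    and module schemes as survivable is my reading of that message, not a
    statement from the report."""
    entries = parse_ldif(ldif_text)
    loaded = set()
    for e in entries:
        for v in e.get("olcmoduleload", []):
            name = ORDER_PREFIX.sub("", v)
            loaded.add(name[:-3] if name.endswith(".la") else name)

    findings, fatal = [], False
    for e in entries:
        if e.get("dn", [""])[0].strip().lower() != "cn=config":
            continue
        for value in e.get("olcpasswordhash", []):
            builtin_seen = False
            for scheme in value.split():
                up = scheme.upper()
                if up in BUILTIN_SCHEMES:
                    findings.append((scheme, "builtin"))
                    builtin_seen = True
                    continue
                provider = next((m for m, s in MODULE_SCHEMES.items() if up in s), None)
                if provider is None:
                    findings.append((scheme, "unknown"))
                else:
                    state = "loaded" if provider in loaded else "missing"
                    findings.append((scheme, f"module:{provider}:{state}"))
            if not builtin_seen:
                fatal = True
    return {"findings": findings, "fatal": fatal}


# Constructed sample: the cn=config entry followed by cn=module{0}, mirroring
# the configuration in the report (not a dump from a real server).
SAMPLE_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcPasswordHash: {SSHA512}

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}pw-sha2.la
"""

if __name__ == "__main__":
    result = check_password_hash(SAMPLE_LDIF)
    for scheme, verdict in result["findings"]:
        print(f"{scheme}: {verdict}")
    print("restart would fail at bootstrap" if result["fatal"] else "ok")
```

Run it against the concatenated contents of slapd.d before stopping slapd; the sample input reproduces the report and yields `{SSHA512}: module:pw-sha2:loaded` with a fatal verdict, while replacing the value with `{SSHA}` yields a clean pass.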