[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Global modules and cn=config
- To: openldap-devel@openldap.org
- Subject: Global modules and cn=config
- From: Quanah Gibson-Mount <quanah@zimbra.com>
- Date: Thu, 20 Feb 2014 17:26:51 -0800
- Content-disposition: inline
- Dkim-filter: OpenDKIM Filter v2.8.4 edge02.zimbra.com D5393A6266
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1392946012; bh=O5WcQcBgic74nGo+GdsiQvCxnt3GqcDi5rojS1Gudlo=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=FdDCxjMGsdJ9eLlS2zjn4c5io63FKz6HVBRTYgRYxSKvybHGdt3MWRTHMpdp8lWeu GYaH31i7na5SaWY0sm+5NCDtpKZvhSoPCU0JTYq2rt7rOUlYJ8FeINOzn54m15SNmu 4cuEIN9wF8SPuc8qny0+ZrjiJjqb1Ho3u2nwvqQE=
Unfortunately, the current cn=config design makes it essentially impossible
to use global modules. For example, the pw-sha2 global module for adding
addtional hashing schemes cannot be used with cn=config. This is because
the olcPasswordHash value is loaded up when cn=config is bootstrapped,
prior to loading the global module. This means that the value fails sanity
checking, and slapd aborts. See also ITS#7802.
Ideas on how to address this chicken and egg issue welcome. ;)
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration