Re: Global modules and cn=config
- To: openldap-devel@openldap.org
- Subject: Re: Global modules and cn=config
- From: Quanah Gibson-Mount <quanah@zimbra.com>
- Date: Thu, 20 Feb 2014 18:03:37 -0800
- In-reply-to: <B94A9D6ADCED486E0C3928CE@[192.168.1.2]>
- References: <B94A9D6ADCED486E0C3928CE@[192.168.1.2]>
--On Thursday, February 20, 2014 5:26 PM -0800 Quanah Gibson-Mount
<quanah@zimbra.com> wrote:
> Unfortunately, the current cn=config design makes it essentially
> impossible to use global modules. For example, the pw-sha2 global module
> for adding additional hashing schemes cannot be used with cn=config. This
> is because the olcPasswordHash value is loaded up when cn=config is
> bootstrapped, prior to loading the global module. This means that the
> value fails sanity checking, and slapd aborts. See also ITS#7802.
>
> Ideas on how to address this chicken and egg issue welcome. ;)

Simple way to reproduce:

ldapmodify -x -H ldapi:/// -D cn=config -W
dn: cn=module{0}, cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2.la

ldapmodify -x -H ldapi:/// -D cn=config -W
dn: cn=config
changetype: modify
add: olcPasswordHash
olcPasswordHash: {SSHA512}

After this point, things will work as long as you don't restart slapd.
Once you restart slapd, slapd will abort because {SSHA512} is now no longer
a known hash.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
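
Added example, not part of the original message or of OpenLDAP: a pre-restart check for the condition described above. It scans a cn=config LDIF export (the sample below is constructed) and reports every olcPasswordHash scheme outside the built-in set listed in slapd.conf(5), deliberately ignoring olcModuleLoad because the message reports that the hash is validated before modules load. The function names are hypothetical, and base64-encoded (`::`) values are not decoded.

```python
import re

# Schemes compiled into slapd itself, per slapd.conf(5) "password-hash".
BUILTIN_SCHEMES = {"{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}", "{CLEARTEXT}"}

# Constructed sample: the state left behind by the two ldapmodify calls.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcPasswordHash: {SSHA512}

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}pw-sha2.la
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from plain LDIF text."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def unloadable_hash_schemes(ldif_text):
    """Return (dn, scheme) for each olcPasswordHash scheme that is not built in."""
    flagged = []
    for dn, attrs in parse_ldif(ldif_text):
        for value in attrs.get("olcpasswordhash", []):
            for scheme in value.split():
                if scheme.upper() not in BUILTIN_SCHEMES:
                    flagged.append((dn, scheme))
    return flagged

if __name__ == "__main__":
    for dn, scheme in unloadable_hash_schemes(SAMPLE):
        print(f"{dn}: {scheme} is module-provided; slapd may abort on restart")
```

The input is assumed to be an export of the configuration database, for example the output of `slapcat -n 0`.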