
Specifying multiple password hashes

Since both the password-hash and password-crypt-salt-format are Global options, is it possible to specify the password-hash on a per BDB backend basis?

For example, I have 4 BDB backends and I'd like them all to have the CRYPT and salt listed below sans one BDB backend where it needs to be CLEARTEXT.

However, when I specify this configuration in slapd.conf and bounce slapd, I get the following error when trying to change a user's password with the ldappasswd command. It's worth noting that an ldapmodify to the userPassword attribute works just fine. I use security ssf=256, which is a Global option as well, on a per BDB backend basis and this works just fine, so I assumed this config for hashes would work as well.

Error message:

"Result: Constraint violation (19) Additional info: Password policy only allows one password value"

Relevant config below:

password-hash {CRYPT}
password-crypt-salt-format $6$%.12s

database bdb
suffix "dc=testldap,dc=com"
rootdn "cn=LDAPAdmin,dc=testldap,dc=com"
directory /var/lib/ldap/testldap
password-hash {CLEARTEXT}