[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: olcGlobal vs. olcFrontendConfig
- To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
- Subject: Re: olcGlobal vs. olcFrontendConfig
- From: Howard Chu <hyc@symas.com>
- Date: Wed, 12 Jul 2017 16:56:00 +0100
- In-reply-to: <WM!e4d7132b80fc9e81c15697b6f33fe26f48f9fe0c3472b7038f09dc4662c26d04b4f7f9b9e582dd17351fc66e1575ed7c!@mailstronghold-2.zmailcloud.com>
- References: <51b9666e-f02b-760f-e15b-edfade9bf5f4@stroeder.com> <WM!e4d7132b80fc9e81c15697b6f33fe26f48f9fe0c3472b7038f09dc4662c26d04b4f7f9b9e582dd17351fc66e1575ed7c!@mailstronghold-2.zmailcloud.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1
Michael Ströder wrote:
HI!
I have to admit that when writing a static slapd.conf I do not make any distinction
regarding global config section and frontend config section.
So I wonder which criteria are applied to determine whether a parameter is put into
cn=config (olcGlobal) or olcDatabase={-1}frontend (olcFrontendConfig) when converting
slapd.conf to dynamic config.
In OpenLDAP 2.3 most global parameters were put into olcGlobal. We moved
parameters into olcFrontendConfig in OpenLDAP 2.4 whenever we found an item
that might depend on a loadable module, since olcModules are processed after
olcGlobal. The parser still accepts these items in olcGlobal, to retain
compatibility with configs migrated from 2.3, but in freshly generated
configs, the 2.4 olcGlobal will omit them.
Looking at a concrete configuration it does not make sense to me to put attribute
olcPasswordHash into olcDatabase={-1}frontend while putting
olcPasswordCryptSaltFormat into cn=config. There could even be conflicting values in both
entries.
A salt format is just a plain string, so it has no particular dependencies. A
hash requires actual code to implement it, and may depend on olcModule.
Background: I'd like to determine which password hash scheme and salt format is
configured by searching in back-config.
Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/