[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcPasswordHash per database

To: Nikos Voutsinas <nvoutsin@gmail.com>, openldap-technical@openldap.org
Subject: Re: olcPasswordHash per database
From: Howard Chu <hyc@symas.com>
Date: Thu, 21 Sep 2017 14:29:29 +0100
In-reply-to: <WM!52739376950d46a6d3cddbdc8b0f86e9e13bab3d20d5196ad5cec44c90247b551848ad255bde0e590faca13e87f94a85!@mailstronghold-3.zmailcloud.com>
References: <CAJoHRihmX-i7dCVGg_gmCaROJ+BTQFT_8g+HP7tGbecwyV3J_Q@mail.gmail.com> <WM!52739376950d46a6d3cddbdc8b0f86e9e13bab3d20d5196ad5cec44c90247b551848ad255bde0e590faca13e87f94a85!@mailstronghold-3.zmailcloud.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1

Nikos Voutsinas wrote:

Hello,
We need for a specific database (olcDatabase) to force an SHA password hash,while keeping the default hashing scheme for the rest of them (the SSHA).However it seems that olcPasswordHash is not allowed with-in an olcDatabaseobject.
What's the suggested method to overwrite the default password hash for aspecific db?

Not currently supported. You're welcome to submit a patch to implement this.In the meantime, you can run a separate slapd instance, and tie it back in tothe first slapd using back-ldap.

Overall it's probably a bad idea though. If you have anything outside of slapddepending on the specific password hash mechanism, you're doing something wrong.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: olcPasswordHash per database
  - From: Nikos Voutsinas <nvoutsin@gmail.com>

References:
- olcPasswordHash per database
  - From: Nikos Voutsinas <nvoutsin@gmail.com>

Prev by Date: Re: olcPasswordHash per database
Next by Date: Re: olcPasswordHash per database
Index(es):
- Chronological
- Thread