[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcPasswordHash scheme not available



Mustafa A. Hashmi wrote:

> Moving towards housing configuration data within openldap, I have the
> directory working correctly and reading cn=config without any issues.
> 
> However, if the password-hash {K5KEY} is specified, slapd refuses to
> start and immediately reports:
> 
> olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({K5KEY})
> olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
> config error processing cn=config: <olcPasswordHash> no valid hashes found
> 
> I am guessing this has to do with the order modules and configuration
> are loaded -- however, I am not at all sure.
> 
> The smbk5pwd module is loaded and the hash directive works correctly
> via slapd.conf.

That sounds like a bug.  In fact, {K5KEY} is loaded by smbk5pwd, so if
in slapd.conf you correctly load the module __before__ using
password-hash things work as expected.  However, when the configuration
is loaded from the back-config database, modules are loaded __after__
the global entry, which contains password-hash.  Apparently, checking
the value of the password-hash attribute must be deferred to __after__
loading the entire configuration.  This might be true in general.  I
suggest you file an ITS for this issue <http://www.openldap.org/its/>.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------