Re: olcPasswordHash scheme not available
Howard Chu wrote:
> Pierangelo Masarati wrote:
>> That sounds like a bug. In fact, {K5KEY} is loaded by smbk5pwd, so if
>> in slapd.conf you correctly load the module __before__ using
>> password-hash things work as expected. However, when the configuration
>> is loaded from the back-config database, modules are loaded __after__
>> the global entry, which contains password-hash. Apparently, checking
>> the value of the password-hash attribute must be deferred to __after__
>> loading the entire configuration. This might be true in general. I
>> suggest you file an ITS for this issue <http://www.openldap.org/its/>.
>
> If it's a general problem, then we're going to need to re-shuffle the
> layout of the cn=config tree so that global directives are processed
> after any modules are loaded. But I think password mechs are the only
> item that can be registered at runtime that currently have a problem.

It seems to be so. I'm considering different approaches:

* force some sequentiality in parsing config entries; for example:
    - schema first
    - then modules (modules may rely on presence of schema)
    - then the rest
  but this is not ensuring the right ordering of things

* turn failed config parsing into a list of modifications
  to be recursively reapplied later until either success
  or a complete run thru the list results in no success
  This also does not ensure the right ordering

* change the layout so that config database parsing from LDIF
  is treated differently from slapd.conf, in two phases:
    - read-in
    - validation

In all the above cases there's no guarantee the original ordering is
preserved, so the safest solution would be to keep a changelog of
configuration to be rolled-in again at startup instead of relying on the
configuration stored on disk.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
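
A small Python model of the ordering problem and of the second approach listed in the message above (queue rejected entries and re-apply them until a full pass makes no progress). It is an added illustration, not OpenLDAP code and not part of the original thread; the function names, the entry tuples and the sample configuration are constructed for the example.

```python
# Toy model, not OpenLDAP code: config entries are (directive, value) tuples.
BUILTIN_SCHEMES = {"{SSHA}"}                  # assumed always registered
MODULE_SCHEMES = {"smbk5pwd": {"{K5KEY}"}}    # per the thread: smbk5pwd provides {K5KEY}

# Constructed sample in back-config order: global entry first, modules after.
CN_CONFIG_ORDER = [("password-hash", "{K5KEY}"), ("moduleload", "smbk5pwd")]


def new_state():
    return {"schemes": set(BUILTIN_SCHEMES), "password_hash": None}


def apply_entry(entry, state):
    """Apply one entry; return False if it names a scheme not registered yet."""
    directive, value = entry
    if directive == "moduleload":
        # Loading a module registers the password schemes it provides.
        state["schemes"] |= MODULE_SCHEMES.get(value, set())
        return True
    if directive == "password-hash":
        if value not in state["schemes"]:
            return False
        state["password_hash"] = value
        return True
    raise ValueError(f"unknown directive: {directive}")


def load_in_order(entries):
    """Validate each entry as it is read; return the first rejected entry."""
    state = new_state()
    for entry in entries:
        if not apply_entry(entry, state):
            return state, entry
    return state, None


def load_with_retry(entries):
    """Re-apply rejected entries until a whole pass makes no progress."""
    state, applied, pending = new_state(), [], list(entries)
    while pending:
        failed = []
        for entry in pending:
            (applied if apply_entry(entry, state) else failed).append(entry)
        if len(failed) == len(pending):  # nothing succeeded this pass: give up
            break
        pending = failed
    return state, applied, pending
```

`load_with_retry` accepts the sample configuration, but the order in which entries took effect (`applied`) differs from the stored order, which is the caveat the message raises about this approach.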