masarati@aero.polimi.it wrote:
-----Original Message-----
Is the 'password-hash' configuration function a server-wide setting only or can it be set to different values for separate databases? I'm trying to add MAC-auth RADIUS functionality to my LDAP server (openldap-2.4.21) and I need to store the password for the MAC addresses in cleartext. I also use the LDAP server for user login which I don't want to keep in cleartext. So, my thought was to have 'password-hash {SSHA}' for the users database, and 'password-hash {CLEARTEXT}' for the RADIUS database, but it appears that it's a global so I'm pretty sure this won't work.

Yes, each database can have a different hashing mechanism set.
http://www.openldap.org/software/man.cgi?query=slapd-config&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

I'm afraid that man page is incorrect. As far as I know, that directive is global, not database specific. That's what I get from the code (and what I remembered). You can check yourself by adding the directive and inspecting the content of cn=config. We need at least to fix the manpage.

The manpage is correct. It clearly states "This setting is only allowed in the frontend entry."
--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
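
The check suggested in the thread (inspect cn=config to see where the directive lands), as an added example that is not part of the original messages or of OpenLDAP: it parses an LDIF export of cn=config and reports which entries carry `olcPasswordHash`, which of them are not the frontend entry, and which select `{CLEARTEXT}`. The sample LDIF is constructed, the function names are hypothetical, and the frontend DN is assumed to be the standard `olcDatabase={-1}frontend,cn=config`.

```python
import base64
# Assumed standard DN of the frontend entry in cn=config (compared lowercased).
FRONTEND_DN = "olcdatabase={-1}frontend,cn=config"
# Constructed sample shaped like a cn=config export; not taken from the thread.
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
olcPasswordHash: {SSHA}

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=users,dc=example

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=radius,
 dc=example
olcPasswordHash:: e0NMRUFSVEVYVH0=
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})], unfolding lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):           # skip comments
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:                   # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")              # "attr:: <base64 value>"
        value = base64.b64decode(rest[1:]).decode() if b64 else rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def audit_password_hash(text):
    """Return (placements, entries other than the frontend, entries using cleartext)."""
    placements = {dn: a["olcpasswordhash"] for dn, a in parse_ldif(text)
                  if "olcpasswordhash" in a}
    misplaced = [dn for dn in placements if dn.lower() != FRONTEND_DN]
    cleartext = [dn for dn, vals in placements.items()
                 if any("{CLEARTEXT}" in v.upper() for v in vals)]
    return placements, misplaced, cleartext
```

Run it against a real export of the config database instead of `SAMPLE_LDIF`; the base64 branch matters because exported values may appear in `attr:: ` form.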