[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can password-hash be database specific? also, storing and verifying cleartext passwords



masarati@aero.polimi.it wrote:

The manpage is correct. It clearly states "This setting is only allowed in
the
frontend entry."

Right; I was mistaken by the fact that olcPasswordHash is allowed by class
olcGlobal.

Yes, it's allowed in olcGlobal for backward compatibility with slapd.conf, which didn't enforce any distinction between "global" and "frontend" directives. But it's not evaluated there, since it's possible to specify a hash mechanism that is loaded from a module (and the moduleLoad parsing hasn't occurred yet when olcGlobal is read).

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/