masarati@aero.polimi.it wrote:
The manpage is correct. It clearly states "This setting is only allowed in the frontend entry."Right; I was mistaken by the fact that olcPasswordHash is allowed by class olcGlobal.
Yes, it's allowed in olcGlobal for backward compatibility with slapd.conf, which didn't enforce any distinction between "global" and "frontend" directives. But it's not evaluated there, since it's possible to specify a hash mechanism that is loaded from a module (and the moduleLoad parsing hasn't occurred yet when olcGlobal is read).
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/