[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcPasswordHash

To: openldap-technical@openldap.org
Subject: Re: olcPasswordHash
From: Nerijus Kislauskas <nerijus.kislauskas@ktu.lt>
Date: Thu, 18 Jul 2013 11:30:24 +0300
In-reply-to: <51E6AE82.4020100@ktu.lt>
References: <51E6AE82.4020100@ktu.lt>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

On 07/17/2013 05:47 PM, Nerijus Kislauskas wrote:

Hi community,

We want implement password politics in our DIT, and are testing ppolicy and found issues using olcPasswordHash, Password Modify Extension and so. Here are my testings:

Hi everyone,

ÂÂÂ I think I found the solution. Because we had all forms of passwords in cn=config somehow frontend database inherited them. LDIF below seems did a trick:

dn: cn=config
changetype: modify
delete: olcPasswordHash

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcPasswordHash

Now default is {SSHA} as said in documentation. Why "frontend" inherits olcPasswordHash from "cn=config"? What "frontend" database is for? I basicaly working with cn=config and our database, why I should also deconfigure something from "frontend" to restore defaults?

Also ppolicy error message "Additional info: Password policy only allows one password value" is gone now and ppolicy overlay is working as expected.

-- 
Pagarbiai,
Nerijus Kislauskas
KTU ITD, Litnet valdymo centras
Studentu g. 48a - 101, Kaunas
tel.: (8~37) 30 06 45
mob. tel.: 8-614-93889
e-mail.: nerijus.kislauskas@ktu.lt

References:
- olcPasswordHash
  - From: Nerijus Kislauskas <nerijus.kislauskas@ktu.lt>

Prev by Date: Re: mdb fixes for 2.4.35?
Next by Date: Re: unable to query rootdn on slave via external auth
Index(es):
- Chronological
- Thread