[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: olcPasswordHash per database
- To: Nikos Voutsinas <nvoutsin@gmail.com>, openldap-technical@openldap.org
- Subject: Re: olcPasswordHash per database
- From: Howard Chu <hyc@symas.com>
- Date: Thu, 21 Sep 2017 14:29:29 +0100
- In-reply-to: <WM!52739376950d46a6d3cddbdc8b0f86e9e13bab3d20d5196ad5cec44c90247b551848ad255bde0e590faca13e87f94a85!@mailstronghold-3.zmailcloud.com>
- References: <CAJoHRihmX-i7dCVGg_gmCaROJ+BTQFT_8g+HP7tGbecwyV3J_Q@mail.gmail.com> <WM!52739376950d46a6d3cddbdc8b0f86e9e13bab3d20d5196ad5cec44c90247b551848ad255bde0e590faca13e87f94a85!@mailstronghold-3.zmailcloud.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1
Nikos Voutsinas wrote:
Hello,
We need for a specific database (olcDatabase) to force an SHA password hash,
while keeping the default hashing scheme for the rest of them (the SSHA).
However it seems that olcPasswordHash is not allowed with-in an olcDatabase
object.
What's the suggested method to overwrite the default password hash for a
specific db?
Not currently supported. You're welcome to submit a patch to implement this.
In the meantime, you can run a separate slapd instance, and tie it back in to
the first slapd using back-ldap.
Overall it's probably a bad idea though. If you have anything outside of slapd
depending on the specific password hash mechanism, you're doing something wrong.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/