https://bugs.openldap.org/show_bug.cgi?id=7933

--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to nilskemail+github from comment #6)

Could this be the reason why I get `attribute 'olcPasswordHash' not allowed` when trying to apply an .ldif file such as:

dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcPasswordHash olcPasswordHash: {CRYPT}

This has popped up in Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have copied the respective default frontend config file before this patch (see https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105).

I'd open a bug with redhat as to why they're doing this at all. {CRYPT} hashes are not portable. If they want to support secure hashes, they should use the ARGON2 module.

You also fail to state what version of OpenLDAP you're reporting against. This bug was fixed in 2014, so unless RH is using an absolutely ancient version of OpenLDAP, this would not be related. You probably should describe the issue(s) you are encountering in a post to the openldap-technical email list (https://lists.openldap.org)