https://bugs.openldap.org/show_bug.cgi?id=7933

--- Comment #8 from Ondřej Kuzník ondra@mistotebe.net --- On Thu, Jan 26, 2023 at 01:53:22PM +0000, openldap-its@openldap.org wrote:

Could this be the reason why I get `attribute 'olcPasswordHash' not allowed` when trying to apply an .ldif file such as:

dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcPasswordHash olcPasswordHash: {CRYPT}

This has popped up in Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have copied the respective default frontend config file before this patch (see https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105).

As you suggest, this seems to be a Fedora packaging issue: them shipping an out of date ldif file where they might have been able to copy it from upstream source. Pretty sure in that case there's nothing that can be done on the OpenLDAP project side.

Someone might need to step up and help Fedora package maintainers deal with it if they say the existing team don't have the capacity.

Regards,