Mustafa A. Hashmi wrote:
Moving towards housing configuration data within openldap, I have the directory working correctly and reading cn=config without any issues.
However, if the password-hash {K5KEY} is specified, slapd refuses to start and immediately reports:
olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({K5KEY})
olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
config error processing cn=config: <olcPasswordHash> no valid hashes found
I am guessing this has to do with the order modules and configuration are loaded -- however, I am not at all sure.
The smbk5pwd module is loaded and the hash directive works correctly via slapd.conf.
That sounds like a bug. In fact, {K5KEY} is loaded by smbk5pwd, so if in slapd.conf you correctly load the module __before__ using password-hash things work as expected. However, when the configuration is loaded from the back-config database, modules are loaded __after__ the global entry, which contains password-hash. Apparently, checking the value of the password-hash attribute must be deferred to __after__ loading the entire configuration. This might be true in general. I suggest you file an ITS for this issue http://www.openldap.org/its/.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
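An added example, not part of the original thread or of OpenLDAP: a small check for the slapd.conf ordering rule described in the reply, flagging any password-hash scheme used before the module that registers it has been loaded. The scheme-to-module table holds only the {K5KEY}/smbk5pwd pair named above, and the sample configurations and module path are constructed. It covers slapd.conf only; per the reply, the back-config case is not something reordering can fix.

```python
import os
import re

# Scheme -> module that registers it. Only the pair named in the thread is
# listed; extending it for other module-provided schemes is an assumption
# about your build.
MODULE_SCHEMES = {"{K5KEY}": "smbk5pwd"}

def logical_lines(text):
    """Yield (first_line_no, line), joining slapd.conf continuation lines
    (lines starting with whitespace) and dropping '#' comment lines."""
    current, start = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()
            continue
        if current:
            yield start, current
        current, start = raw.strip(), n
    if current:
        yield start, current

def check_order(text):
    """Return [(line_no, scheme, module)] for each password-hash scheme that
    appears before the moduleload of the module providing it."""
    loaded, findings = set(), []
    for n, line in logical_lines(text):
        parts = line.split()
        key = parts[0].lower()
        if key == "moduleload" and len(parts) > 1:
            # Accept "smbk5pwd", "smbk5pwd.la" or a full path to the module.
            name = os.path.basename(parts[1])
            loaded.add(re.sub(r"\.(la|so)$", "", name))
        elif key == "password-hash":
            for scheme in parts[1:]:
                module = MODULE_SCHEMES.get(scheme.upper())
                if module and module not in loaded:
                    findings.append((n, scheme, module))
    return findings

# Constructed sample configurations.
GOOD = "modulepath /usr/lib/ldap\nmoduleload smbk5pwd.la\npassword-hash {K5KEY}\n"
BAD = "# constructed sample\npassword-hash {SSHA}\n  {K5KEY}\nmoduleload smbk5pwd\n"

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_order(conf))
```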