Since both the password-hash and password-crypt-salt-format are Global options, is it possible to specify the password-hash on a per BDB backend basis?
For example, I have 4 BDB backends and I'd like them all to have the CRYPT and salt listed below sans one BDB backend where it needs to be CLEARTEXT.
However, when I specify this configuration in sladp.conf and bounce slapd I get the following error when trying to change a users password with the ldappasswd command. It's worth nothing that an ldapmodify to the userPassword attribute works just fine. I use security ssf=256, which is a Global option as well on a per BDB backend basis and this works just fine so I assumed this config for hashes would work as well.
Error message:
"Result: Constraint violation (19) Additional info: Password policy only allows one password value"
Relevant config below:
## GLOBAL SETTING password-hash {CRYPT} password-crypt-salt-format $6$%.12s
### BDB DATABASE SETTING database bdb suffix "dc=testldap,dc=com" rootdn "cn=LDAPAdmin,dc=testldap,dc=com" directory /var/lib/ldap/testldap password-hash {CLEARTEXT}