Hi,
There was similar topic 5 years ago, but the problem wasn't completely solved. I've set `olcPasswordHash` to `{SASL}`, so ldappaswd is no longer smashing `userPassword` attribute.
I get the same error which Tim Watts encountered 5 years ago. https://www.openldap.org/lists/openldap-technical/201302/msg00190.html namely, ldappaswd says:
Result: Other (e.g., implementation specific) error (80) Additional info: scheme provided no hash function
Tim wrote:
However, the kerberos principle does get updated - and userPassword is left alone.
In my case I just get the error and the kerberos password is NOT updated.
Also, 9 years ago it was asked (https://www.openldap.org/lists/openldap-software/200909/msg00010.html):
- salspasswd2 calls sasl_setpass(), and a look at OpenLDAP sources
shows that passwd_extop()/slap_sasl_setpass() does the same. That suggests it is possible to have slapd doing the thing, but how does it works? In passwd_extop(), slap_sasl_setpass() will only be called if op-o_bd is NULL. In what situation does it happen?
But the question is not answered.
Does anyone remember how passwd_extop() works and how to get into the if-statement block with call to slap_sasl_setpass()?