On Thu, Sep 21, 2017 at 4:29 PM, Howard Chu hyc@symas.com wrote:
Nikos Voutsinas wrote:
Hello,
We need for a specific database (olcDatabase) to force an SHA password hash, while keeping the default hashing scheme for the rest of them (the SSHA). However it seems that olcPasswordHash is not allowed with-in an olcDatabase object.
What's the suggested method to overwrite the default password hash for a specific db?
Not currently supported. You're welcome to submit a patch to implement this. In the meantime, you can run a separate slapd instance, and tie it back in to the first slapd using back-ldap.
Overall it's probably a bad idea though. If you have anything outside of slapd depending on the specific password hash mechanism, you're doing something wrong.
Agree, however it is not my choice. It seems that Google's G Suite and Google Apps Password Sync is wrong.