On Thu, Mar 13, 2025 at 02:37:55PM +0000, Windl, Ulrich wrote:
Hi!
Even after having opened a support case with SUSE, it took about two weeks until I got any further:
Essentially you cannot add the values to "olcDatabase={-1}frontend,cn=config", but only to "cn=config".
However after that I got a new message when trying to change a user's password:
Result: Constraint violation (19) Additional info: Password policy only allows one password value
At that time I had two values assigned, but even after assigning only one value, the message did not change.
Even more, slapd suddenly had exited and refused to restart with the messages:
slapd[13769]: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({SSHA256}) slapd[13769]: olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found slapd[13769]: config error processing cn=config: <olcPasswordHash> no valid hashes found ...
slapd[13769]: slapd stopped.
Changes actually applied were:
dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: {4}pw-sha2.so
dn: cn=config changetype: modify replace: olcPasswordHash olcPasswordHash: {SSHA256}
Hi Ulrich, you should be storing your olcPasswordHash on the frontend database, not the 'cn=config' entry (because the module isn't loaded yet while that's being processed). What error do you get when trying to write to `olcDatabase={-1}frontend,cn=config`?
Regards,