Hi,

There was similar topic 5 years ago, but the problem wasn't completely solved. I've set `olcPasswordHash` to `{SASL}`, so ldappaswd is no longer smashing `userPassword` attribute.

I get the same error which Tim Watts encountered 5 years ago. https://www.openldap.org/lists/openldap-technical/201302/msg00190.html namely, ldappaswd says:

Result: Other (e.g., implementation specific) error (80) Additional info: scheme provided no hash function

Tim wrote:

However, the kerberos principle does get updated - and userPassword is left alone.

In my case I just get the error and the kerberos password is NOT updated.

Also, 9 years ago it was asked (https://www.openldap.org/lists/openldap-software/200909/msg00010.html):

• salspasswd2 calls sasl_setpass(), and a look at OpenLDAP sources

shows that passwd_extop()/slap_sasl_setpass() does the same. That suggests it is possible to have slapd doing the thing, but how does it works? In passwd_extop(), slap_sasl_setpass() will only be called if op-o_bd is NULL. In what situation does it happen?

But the question is not answered.

Does anyone remember how passwd_extop() works and how to get into the if-statement block with call to slap_sasl_setpass()?