Hi
I was wondering why the argon2 password module can only be built as a dynamic module, and not statically into the slapd binary, like other backends and overlays can be.
That would for example make it easier to use slappasswd -h {ARGON2} without having to specify -o module-load=argon2 and module-path etc.
Is it because you want to avoid link dependencies on 3rd party libsodium or libargon2 directly in slapd (and slappasswd) itself? Or just because it was previously a contrib module, and just copied over like that?
By the way, while looking at the code, I noticed a typo in configure.ac:
if test "$ol_enable_argon2" = "yes" ; then SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la" fi ^^ ^^^
It's referencing two different variables there, which is harmless today, but will be a build bug once multiple password modules become available. SLAPD_DYNAMIC_PWMODS is the correct one.
Geert
--On Friday, June 2, 2023 3:58 PM +0200 Geert Hendrickx geert@hendrickx.be wrote:
By the way, while looking at the code, I noticed a typo in configure.ac:
if test "$ol_enable_argon2" = "yes" ; then SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la" fi ^^ ^^^
It's referencing two different variables there, which is harmless today, but will be a build bug once multiple password modules become available. SLAPD_DYNAMIC_PWMODS is the correct one.
Thanks, filed https://bugs.openldap.org/show_bug.cgi?id=10063
--Quanah
openldap-technical@openldap.org
-
Geert Hendrickx -
Quanah Gibson-Mount