https://bugs.openldap.org/show_bug.cgi?id=9656
--- Comment #6 from [email protected] <[email protected]> --- (In reply to David Coutadeur from comment #5) > > "If for some reasons, any parameter is not found, it will be given its > > default value." > > this is true for ppm parameters, not for password policy parameters. > Especially, pwdCheckModule does not have default values. > > > > when using ppm.so in OpenLDAP 2.4 the ppm.so,while included in the schema, > > didn't need the fully qualified pathname (I assume that the path was > > handled via the modulepath statement in the slapd.conf) and I don't know > > that that particular change is documented anywhere particularly succinctly. > > I don't think ppolicy can guess any extension path... Neither in 2.4 nor in > 2.5. it worked as such in 2.4, doesn't work as such in 2.5. Don't know why but it did and is right now. > > > Either 1). slapd shouldn't start if these parameters are requirements when > > using ppolicy > > These parameters can evolve while OpenLDAP is running. As I explained > before, it is the responsability of the admin to ensure the pwdCheckModule > parameter is set accordingly. Granted, my resonsibility, but then it's your responsibility to make sure that changes from one version to the next are clearly documented so I know what I'm supposed to be doing. as I said, I didn't find the documentation particularly clear on this point. > > > > 2). slapd shouldn't crash and should give a warning that default values are > > being used and one should verify if those defaults are valid or simply warn > > that ppolicy won't be used as necessary settings have not been populated. > > slapd can't know any requirement about a given extended module. Essentially, what I'm reading here is "too bad, so sad, we're not going to make slapd handle this gracefully". -- You are receiving this mail because: You are on the CC list for the issue.
