Pierangelo Masarati wrote:
That sounds like a bug. In fact, {K5KEY} is loaded by smbk5pwd, so if
in slapd.conf you correctly load the module __before__ using
password-hash things work as expected. However, when the configuration
is loaded from the back-config database, modules are loaded __after__
the global entry, which contains password-hash. Apparently, checking
the value of the password-hash attribute must be deferred to __after__
loading the entire configuration. This might be true in general. I
suggest you file an ITS for this issue <http://www.openldap.org/its/>.
If it's a general problem, then we're going to need to re-shuffle the layout of
the cn=config tree so that global directives are processed after any modules
are loaded. But I think password mechs are the only item that can be registered
at runtime that currently have a problem.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
