On Thu, Mar 13, 2025 at 02:37:55PM +0000, Windl, Ulrich wrote:
> Hi!
>
> Even after having opened a support case with SUSE, it took about two
> weeks until I got any further:
>
> Essentially you cannot add the values to
> "olcDatabase={-1}frontend,cn=config", but only to "cn=config".
>
> However after that I got a new message when trying to change a user's
> password:
>
> Result: Constraint violation (19)
> Additional info: Password policy only allows one password value
>
> At that time I had two values assigned, but even after assigning only
> one value, the message did not change.
>
> Even more, slapd suddenly had exited and refused to restart with the messages:
>
> slapd[13769]: olcPasswordHash: value #0: <olcPasswordHash> scheme not
> available ({SSHA256})
> slapd[13769]: olcPasswordHash: value #0: <olcPasswordHash> no valid hashes
> found
> slapd[13769]: config error processing cn=config: <olcPasswordHash> no valid
> hashes found
> ...
>
> slapd[13769]: slapd stopped.
>
> Changes actually applied were:
>
> dn: cn=module{0},cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: {4}pw-sha2.so
>
> dn: cn=config
> changetype: modify
> replace: olcPasswordHash
> olcPasswordHash: {SSHA256}

Hi Ulrich,

you should be storing your olcPasswordHash on the frontend database, not
the 'cn=config' entry (because the module isn't loaded yet while that's
being processed). What error do you get when trying to write to
`olcDatabase={-1}frontend,cn=config`?

Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
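
An added example, not part of the original messages: a pre-flight check over a cn=config LDIF export that flags an olcPasswordHash scheme on "cn=config" which needs a module, the placement that produced the "scheme not available" startup failure quoted above. The sample LDIF is constructed, the function names are hypothetical, and the built-in scheme list is an assumption taken from slapd-config(5).

```python
import re

# Schemes slapd provides without a module (assumption: the list in slapd-config(5)).
BUILTIN = {"{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}", "{CLEARTEXT}"}

# Constructed cn=config export reproducing the change quoted in the thread.
BROKEN = """\
dn: cn=config
objectClass: olcGlobal
olcPasswordHash: {SSHA256}

dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {4}pw-sha2.so

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcFrontendConfig
"""

# Same export with the hash setting moved to the frontend database entry.
FIXED = (BROKEN.replace("olcPasswordHash: {SSHA256}\n", "").rstrip("\n")
         + "\nolcPasswordHash: {SSHA256}\n")

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])], unfolding continuation lines."""
    text = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines()
                 if ":" in line and not line.startswith("#")]
        if pairs and pairs[0][0].lower() == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def misplaced_hashes(ldif_text):
    """Find module-provided schemes set on cn=config, which slapd processes
    before the olcModuleLoad entries have been loaded."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        if dn.replace(" ", "").lower() != "cn=config":
            continue
        for attr, value in attrs:
            if attr.lower() == "olcpasswordhash":
                findings += [(dn, s) for s in value.split() if s.upper() not in BUILTIN]
    return findings

if __name__ == "__main__":
    for name, ldif in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, misplaced_hashes(ldif) or "ok")
```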