Error: Could not prefetch openldap_global_conf provider 'olc': Execution of '/usr/sbin/slapcat -b cn=config -o ldif-wrap=no -H ldap:///???(objectClass=olcGlobal)' returned 1: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({PBKDF2-SHA512})
The problem is that there doesn't seem to be any other way to set olcPasswordHash with this puppet module, or to specify the hashing algorithm for {CRYPT}.
What behaviour did you expect instead
It would be good if this limitation were documented in the module docs.
It would be better if the PBKDF-SHA512 config could be added to the frontend database configuration with this module.
The ability to set password-crypt-salt-format as per slapd.conf(5) to allow people to select which hashing method to use would also be good.
Output log
Info: Using environment 'my-org'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from my-org-prod-puppet7.my-org.org:8140 (XXX.XXX.XXX.XXX)
Notice: Catalog compiled by puppet.my-org.org
Info: Caching catalog for my-org-ldapserver.mgmt.my-org.org
Info: Applying configuration version '1717466906'
Error: Could not prefetch openldap_global_conf provider 'olc': Execution of '/usr/sbin/slapcat -b cn=config -o ldif-wrap=no -H ldap:///???(objectClass=olcGlobal)' returned 1: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({PBKDF2-SHA512})
olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
config error processing cn=config: <olcPasswordHash> no valid hashes found
slapcat: bad configuration file!
Warning: /Stage[main]/Openldap::Server::Slapdconf/Openldap::Server::Globalconf[TLSCertificate]/Openldap_global_conf[TLSCertificate]: Skipping because provider prefetch failed
Warning: /Stage[main]/Openldap::Server::Slapdconf/Openldap::Server::Globalconf[TLSCACertificateFile]/Openldap_global_conf[TLSCACertificateFile]: Skipping because provider prefetch failed
Error: Could not prefetch openldap_database provider 'olc': Execution of '/usr/sbin/slapcat -b cn=config -o ldif-wrap=no -H ldap:///???(|(olcDatabase=monitor)(olcDatabase={0}config)(&(objectClass=olcDatabaseConfig)(|(objectClass=olcBdbConfig)(objectClass=olcHdbConfig)(objectClass=olcMdbConfig)(objectClass=olcMonitorConfig)(objectClass=olcRelayConfig)(objectClass=olcLDAPConfig))))' returned 1: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({PBKDF2-SHA512})
olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
config error processing cn=config: <olcPasswordHash> no valid hashes found
slapcat: bad configuration file!
Warning: /Stage[main]/Profiles::mgmt/Openldap::Server::Database[dc=org-mgmt,dc=my-org,dc=org]/Openldap_database[dc=porwal-oob-mgmt,dc=my-org,dc=org]: Skipping because provider prefetch failed
Warning: /Stage[main]/Profiles::mgmt/Openldap::Server::Globalconf[LocalSSF]/Openldap_global_conf[LocalSSF]: Skipping because provider prefetch failed
Warning: /Stage[main]/Profiles::mgmt/Openldap::Server::Globalconf[Security]/Openldap_global_conf[Security]: Skipping because provider prefetch failed
Error: Could not prefetch openldap_module provider 'olc': Execution of '/usr/sbin/slapcat -b cn=config -o ldif-wrap=no -H ldap:///???(objectClass=olcModuleList)' returned 1: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({PBKDF2-SHA512})
olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
config error processing cn=config: <olcPasswordHash> no valid hashes found
slapcat: bad configuration file!
Warning: /Stage[main]/Profiles::mgmt/Openldap::Server::Module[pw-pbkdf2]/Openldap_module[pw-pbkdf2]: Skipping because provider prefetch failed
Warning: /Stage[main]/Profiles::mgmt/Openldap::Server::Globalconf[PasswordHash]/Openldap_global_conf[PasswordHash]: Skipping because provider prefetch failed
Notice: Applied catalog in 14.09 seconds
Any additional information you'd like to impart
Not sure if this is technically a bug, or a feature request.
Thanks.
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Configure PasswordHash to PBKDF2-SHA512
What are you seeing
This happens because of this OpenLDAP not-a-bug
Puppet run fails:
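A pre-flight check for the condition behind this report, as an added example that is not part of the original issue or of the Puppet module: it scans unwrapped cn=config LDIF for a PBKDF2 scheme on the global entry, or on any entry when pw-pbkdf2 is not loaded. The sample LDIF is constructed and abbreviated, the function names are hypothetical, and the check assumes, as the issue's request implies, that the scheme is accepted on the frontend database once the module is loaded.

```python
import re

# Hash schemes provided by the pw-pbkdf2 module rather than built into slapd.
PBKDF2_SCHEMES = {"{PBKDF2}", "{PBKDF2-SHA1}", "{PBKDF2-SHA256}", "{PBKDF2-SHA512}"}

# Constructed, abbreviated sample: the layout behind the failure reported above.
BROKEN = """dn: cn=config
olcPasswordHash: {PBKDF2-SHA512}

dn: cn=module{0},cn=config
olcModuleLoad: {0}pw-pbkdf2
"""

# Constructed, abbreviated sample: the same scheme moved to the frontend database.
FRONTEND = """dn: cn=config

dn: cn=module{0},cn=config
olcModuleLoad: {0}pw-pbkdf2

dn: olcDatabase={-1}frontend,cn=config
olcPasswordHash: {PBKDF2-SHA512}
"""

def parse_ldif(text):
    """Parse unwrapped LDIF (ldif-wrap=no) into a list of (dn, {attr: [values]})."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0].lower(), attrs))
    return entries

def check_password_hash(text):
    """Return findings for PBKDF2 schemes placed where slapd cannot resolve them."""
    entries = parse_ldif(text)
    loaded = any("pw-pbkdf2" in v for _, a in entries for v in a.get("olcmoduleload", []))
    findings = []
    for dn, attrs in entries:
        schemes = {s for v in attrs.get("olcpasswordhash", []) for s in v.split()}
        for scheme in sorted(schemes & PBKDF2_SCHEMES):
            if dn == "cn=config":
                findings.append(f"{dn}: {scheme} on the global entry; set it on the frontend database")
            elif not loaded:
                findings.append(f"{dn}: {scheme} set but pw-pbkdf2 is not in olcModuleLoad")
    return findings
```

Running it over the LDIF that is about to be applied, before slapd reads it, catches the state in which every later `slapcat -b cn=config` call fails.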