Description
Issue Description
The configuration option 'nsslapd-enable-upgrade-hash: on' allows to update, during a user bind, the password storage hash of the user password. The update sets the password storage hash to the one defined in the password policy (passwordStorageScheme)
If the current user password hash is 'CRYPT' or 'CLEAR' then the password storage hash is not updated. This is hardcoded.
This ticket is to make configurable the list of password hashes that are not updated.
A new attribute 'nsslapd-scheme-list-no-upgrade-hash' contains a list of comma separated hashes that are not updated. By default it contains the current hardcoded setting 'CRYPT,CLEAR'
Package Version and Platform:
- since 1.4.1
Steps to Reproduce
Provided testcase
Expected results
The list of hashes that are not updated during a bind should be configurable