quanah@zimbra.com wrote:
--On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price <freebsd@jonathanprice.org> wrote:
I do apologise for the confusion, I'll try to clarify below:
Here is the command you ran successfully:

    /opt/zimbra/openldap/sbin/slappasswd -h '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o module-load=pw-sha2 -s test
    {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9

Here is an example of me running just a plain SHA512:

    slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o module-load=pw-sha2
    {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==

And here is an example of me running a salted SHA512 (SSHA512):

    slappasswd -h '{SSHA512}' -o module-path=/usr/local/libexec/openldap -o module-load=pw-sha2 -s test
    Password verification failed.
I hope this helps to clarify.
Yes, thank you. So I'm using 2.4.39. There were some minor changes to slapd-sha2 in 2.4.40. I will see if I can reproduce the issue with current RE24.
I have a FreeBSD 9 VM here with 2.4.40 installed from ports. Both SHA512 and SSHA512 work fine on it. Doesn't look to me like there's any OpenLDAP bug here, this is one for the FreeBSD folks to sort out.
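
An added example, not part of the thread or of OpenLDAP: a stand-alone checker for {SHA512} and {SSHA512} values, useful for cross-checking a hash produced on one host without relying on the local slappasswd build. It assumes the usual layout base64(SHA-512(password + salt) + salt) and an 8-byte salt when generating; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes

def make_value(password, salt=None, salted=True):
    """Build a {SSHA512} (or {SHA512}) userPassword value."""
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # assumption: 8-byte salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    scheme = "{SSHA512}" if salted else "{SHA512}"
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def split_value(value):
    """Return (scheme, digest, salt); raise ValueError if malformed."""
    value = value.strip()
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in ("SHA512", "SSHA512"):
        raise ValueError("unsupported scheme: " + scheme)
    # Mail clients wrap long hashes; drop any embedded whitespace.
    raw = base64.b64decode("".join(b64.split()), validate=True)
    if len(raw) < DIGEST_LEN:
        raise ValueError("value shorter than a SHA-512 digest")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if scheme == "SHA512" and salt:
        raise ValueError("trailing bytes after unsalted digest")
    if scheme == "SSHA512" and not salt:
        raise ValueError("salted scheme but no salt present")
    return scheme, digest, salt

def verify(password, value):
    """Constant-time check of a cleartext password against a stored value."""
    _, digest, salt = split_value(value)
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    sample = make_value("test")  # constructed sample, not a value from the thread
    print(sample, verify("test", sample))
```

If a value generated on one host fails verify() with the known password, the hash itself is bad; if it passes, the problem lies in how the other host's slappasswd or module handles it.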