quanah(a)zimbra.com wrote:
--On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price
<freebsd(a)jonathanprice.org> wrote:
> I do apologise for the confusion, I'll try to clarify below:
>
> Here is the command you ran successfully:
> /opt/zimbra/openldap/sbin/slappasswd -h
> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o
> module-load=pw-sha2 -s test
> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5
> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9
>
> Here is an example of me running just a plain SHA512
> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o
> module-load=pw-sha2
> {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUN
> zLDBMxfqa2Ob1f1ACio/w==
>
> And here is an example of me running a salted SHA512 (SSHA512)
> slappasswd -h '{SSHA512}' -o module-path=/usr/local/libexec/openldap -o
> module-load=pw-sha2 -s test
> Password verification failed.
>
> I hope this helps to clarify.
Yes, thank you. So I'm using 2.4.39. There were some minor changes to
slapd-sha2 in 2.4.40. I will see if I can reproduce the issue with current
RE24.
I have a FreeBSD 9 VM here with 2.4.40 installed from ports. Both SHA512
and SSHA512 work fine on it. Doesn't look to me like there's any
OpenLDAP bug here, this is one for the FreeBSD folks to sort out.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/