openldap-technical December 2021

openldap-technical@openldap.org

21 participants
32 discussions

Re: 2.6 rhel8 rpm pkg - lastbind module issue
by Dave Macias 01 Dec '21

01 Dec '21

> > Im looking at > > this: https://git.openldap.org/openldap/openldap/-/blob/6327f45d7de73f66 > > 9fa438d4f5823e139cf4e6b4/contrib/slapd-modules/lastbind/slapo-lastbind.5 > > > > slapadd -n 1 -F /opt/symas/etc/openldap/slapd.d -l data.ldif > > <= str2entry: str2ad(authTimestamp): attribute type undefined > > slapadd: could not parse entry (line=24) > > Closing DB... > > You need the fix for ITS#9725 to make use of authTimestamp. > I see. Thank you for the input! So then i guess i have to wait until the fix is applied to the OS pkgs. Best, Dave

2 1

ppolicy-question
by A. Schulze 01 Dec '21

01 Dec '21

Hello, using slapo-ppolicy I could configure slapd to hash a password if it's sent unhashed. moduleload ppolicy.la moduleload argon2.la password-hash {ARGON2} database mdb suffix dc=test ... overlay ppolicy ppolicy_default "cn=default,ou=ppolicies,dc=test" ppolicy_hash_cleartext That work and I could hash them using ARGON2. But clients could still hash a password them self and write '{MD5}...' as userPassword for example. Is it possible to reject any userPasswords prefixed with hash schema? Andreas

4 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2021