On 4/15/19 4:56 PM, A. Yuesuen wrote:
I'm trying to implement SSHA512 on my OpenLDAP server. I found out that the building concepts on the www are old. There is no slapd.conf file. So it is written that I have to work with the cn=config file. Can someone help me please?
I'm using Ubuntu 18.10 and the OpenLDAP version slapd.
BTW: You can still work with static config slapd.conf.
But the pw-sha2 module is an additional contrib module. So you have to check whether the OpenLDAP packages you're using actually ship this module.
If not, an alternative is to use (static config syntax):
    password-hash {CRYPT}
    password-crypt-salt-format "$6$%.12s"
The salt format is described in man page crypt(3) as follows:
sha512crypt
    A hash based on SHA-2 with 512-bit output, originally developed by Ulrich Drepper for GNU libc. Supported on Linux but not common elsewhere. Acceptable for new hashes. The default CPU time cost parameter is 5000, which is too low for modern hardware.

    Prefix                      "$6$"
    Hashed passphrase format    $6$(rounds=[1-9][0-9]+$)?[./0-9A-Za-z]{1,16}$[./0-9A-Za-z]{86}
    Maximum passphrase length   unlimited
    Hash size                   512 bits
    Salt size                   6 to 96 bits
    CPU time cost parameter     1000 to 999,999,999
Ciao, Michael.
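
Added example, not part of the message above and not OpenLDAP code: a Python check that parses `{CRYPT}` userPassword values against the sha512crypt format quoted from the man page and reports the effective rounds and salt size. The function names, the 16-character random string, the 100000-round threshold and the sample values are assumptions made for illustration.

```python
import re
import secrets

CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000     # cost used when the hash carries no rounds= field
MIN_ROUNDS = 100_000      # assumed local policy threshold, not from the page

# Format from the man page excerpt above, with named groups added.
SHA512CRYPT_RE = re.compile(
    r"\$6\$(?:rounds=(?P<rounds>[1-9][0-9]+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<hash>[./0-9A-Za-z]{86})"
)

def expand_salt_format(fmt, random_salt=None):
    """Approximate how a sprintf-style salt format with one %s is filled in."""
    if random_salt is None:
        # Length 16 is an assumption; "%.12s" keeps only the first 12 characters.
        random_salt = "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(16))
    return fmt % random_salt

def audit_userpassword(value, min_rounds=MIN_ROUNDS):
    """Describe a {CRYPT} sha512crypt value; return None if it is malformed."""
    scheme, sep, rest = value.partition("}")
    if not sep or scheme.upper() != "{CRYPT":
        return None
    m = SHA512CRYPT_RE.fullmatch(rest)
    if m is None:
        return None
    rounds = int(m.group("rounds")) if m.group("rounds") else DEFAULT_ROUNDS
    if not 1000 <= rounds <= 999_999_999:
        return None  # outside the documented cost range
    return {
        "rounds": rounds,
        "explicit_rounds": m.group("rounds") is not None,
        "salt_bits": 6 * len(m.group("salt")),  # 6 bits per salt character
        "weak_cost": rounds < min_rounds,
    }

if __name__ == "__main__":
    fake_hash = "A" * 86  # constructed filler, not a real digest
    for fmt in ("$6$%.12s", "$6$rounds=100000$%.12s"):
        stored = "{CRYPT}" + expand_salt_format(fmt) + "$" + fake_hash
        print(fmt, "->", audit_userpassword(stored))
```

With the salt format from the message, the stored value has no `rounds=` field, so the audit reports the default cost of 5000 and a 72-bit salt.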