On 4/15/19 4:56 PM, A. Yuesuen wrote:
> I'm trying to implement SSHA512 on my OpenLDAP server. I found out that
> the building concepts on the www are old. There is no slapd.conf file.
> So it is written that I have to work with the cn=config file. Can
> someone help me please?
> I'm using Ubuntu 18.10 and the OpenLDAP version slapd.

BTW: You can still work with static config slapd.conf.
But the pw-sha2 module is an additional contrib module. So you have to
check whether the OpenLDAP packages you're using actually ship this module.
If not, an alternative is to use (static config syntax):

    password-hash {CRYPT}
    password-crypt-salt-format "$6$%.12s"

The salt format is described in man page crypt(3) as follows:

    sha512crypt
        A hash based on SHA-2 with 512-bit output, originally
        developed by Ulrich Drepper for GNU libc. Supported on
        Linux but not common elsewhere. Acceptable for new
        hashes. The default CPU time cost parameter is 5000,
        which is too low for modern hardware.

        Prefix
            "$6$"

        Hashed passphrase format
            \$6\$(rounds=[1-9][0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}

        Maximum passphrase length
            unlimited

        Hash size
            512 bits

        Salt size
            6 to 96 bits

        CPU time cost parameter
            1000 to 999,999,999

Ciao, Michael.
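
An added example, not part of the original message and not OpenLDAP code: a small Python check that audits stored userPassword values against the crypt(3) format quoted above, flagging hashes that carry no rounds= field and therefore use the default cost of 5000. The function name, the 100000-round policy threshold and the sample values are assumptions made for illustration.

```python
import re

# Pattern from the crypt(3) excerpt above, with named groups added.
SHA512CRYPT = re.compile(
    r"\$6\$(?:rounds=(?P<rounds>[1-9][0-9]+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<hash>[./0-9A-Za-z]{86})"
)
DEFAULT_ROUNDS = 5000            # default cost per crypt(3)
MIN_ROUNDS, MAX_ROUNDS = 1000, 999_999_999


def audit_userpassword(value, want_rounds=100_000, want_salt_chars=12):
    """Return a list of findings for one userPassword value (empty = OK).

    want_rounds is a hypothetical site policy; want_salt_chars matches "%.12s".
    """
    if not value.upper().startswith("{CRYPT}"):
        return ["scheme is not {CRYPT}"]
    m = SHA512CRYPT.fullmatch(value[len("{CRYPT}"):])
    if m is None:
        return ["not a well-formed sha512crypt ($6$) hash"]
    findings = []
    rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
    if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
        findings.append(f"rounds={rounds} outside {MIN_ROUNDS}..{MAX_ROUNDS}")
    elif rounds < want_rounds:
        findings.append(f"rounds={rounds} below policy {want_rounds}")
    if len(m["salt"]) < want_salt_chars:
        findings.append(f"salt has {len(m['salt'])} chars, expected {want_salt_chars}")
    return findings


# Constructed sample values (the 86-character hash part is filler, not a real hash).
FILLER = "A" * 86
SAMPLES = {
    "default cost": "{CRYPT}$6$abcdefghijkl$" + FILLER,
    "explicit cost": "{CRYPT}$6$rounds=200000$abcdefghijkl$" + FILLER,
    "short salt": "{CRYPT}$6$rounds=200000$abcd$" + FILLER,
    "other scheme": "{SSHA}" + "B" * 32,
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, "->", audit_userpassword(value) or "OK")
```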