--On Friday, April 14, 2023 8:54 PM +0000 Lukas Adrian Kron <lukaskron@posteo.de> wrote:
> Hello Quanah,
> thank you for your response. I read through the documentation and I verified that in the path "/usr/lib/ldap" under olcModulePath there are Argon2 files.
> argon2-2.5.so.0 argon2-2.5.so.0.1.9 argon2.la argon2.so
> Further there is already a module loaded "{0}back_mdb". Sadly I always get an error when trying to add the Argon2-Module "[LDAP result code 80 - other] cannot delete olcModuleLoad"
> I list the things I tried setting as a new value in olcModuleLoad:
> - Each from the list above
> - Each from the list above with {1} in the beginning
> - Each from the list above with {} and {0}
> I do not understand why this is happening as I am not trying to delete any module, I try to set a new value in addition to back_mdb. I checked that this is also happening with any other module in the path.
You haven't supplied what commands you are actually running so it's impossible to help you much further. But what I would expect your general ldapmodify command to look like is:
ldapmodify ...
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: argon2.la
Once that works, then to make it the password hash to be used with LDAP v3 password modify operations:
ldapmodify ...
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {ARGON2}
Note that this would remove any other password hashes as default possibilities (you can still use passwords that use other schemes than what's built into OpenLDAP as long as the modules for them are also loaded).
--Quanah
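
Added example, not part of the thread and not OpenLDAP project code: once {ARGON2} is the default olcPasswordHash, existing userPassword values keep whatever scheme they were stored with, so this sketch audits an LDIF export (as ldapsearch prints it) and reports each value's scheme and, for Argon2, its cost parameters. It assumes stored values carry a {SCHEME} prefix and that Argon2 values use the standard encoded string ($argon2id$v=19$m=...,t=...,p=...$salt$hash); the DNs and hashes are constructed sample data.

```python
import base64
import re

# Constructed sample in ldapsearch LDIF form: "::" marks a base64 value and a
# line starting with one space continues the previous line (LDIF folding).
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    "userPassword: {ARGON2}$argon2id$v=19$m=65536,t=2,\n"
    " p=1$c2FsdHNhbHQ$aGFzaGhhc2hoYXNoaGFzaA\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed").decode() + "\n"
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=org\n"
    "userPassword: constructed-cleartext\n"
)

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)
ARGON2_RE = re.compile(r"^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)\$")

def classify(dn, value):
    """Return (dn, scheme, argon2 parameters or None) for one stored value."""
    m = SCHEME_RE.match(value)
    if not m:
        return (dn, "NONE", None)  # no {SCHEME} prefix: cleartext or unknown
    scheme, rest, params = m.group(1).upper(), m.group(2), None
    a = ARGON2_RE.match(rest) if scheme == "ARGON2" else None
    if a:
        params = {"variant": a.group(1), "m": int(a.group(2)),
                  "t": int(a.group(3)), "p": int(a.group(4))}
    return (dn, scheme, params)

def audit(ldif_text):
    """Classify every userPassword value in an LDIF export."""
    results, dn = [], None
    for line in ldif_text.replace("\n ", "").splitlines():  # unfold first
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword::"):  # base64-encoded value
            raw = base64.b64decode(line[len("userPassword::"):].strip())
            results.append(classify(dn, raw.decode("utf-8", "replace")))
        elif line.startswith("userPassword:"):
            results.append(classify(dn, line[len("userPassword:"):].strip()))
    return results

def not_argon2(results):
    """DNs whose stored password is not an {ARGON2} hash yet."""
    return [dn for dn, scheme, _ in results if scheme != "ARGON2"]

if __name__ == "__main__":
    for dn, scheme, params in audit(SAMPLE_LDIF):
        print(f"{scheme:10} {params} {dn}")
```

Entries reported by not_argon2() are the ones that still depend on another scheme being available, which is the case the note above about other loaded modules refers to.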