Another strange thing about passwords on the same machine. As I told you before, we switch to ssha as paswordhash. The server works. But now we start to create new passwords with "slappasswd", we are getting a {SSHA}<hash>. But when change the password via ldif. The password is never valid. We did it several times, and it's always the same. But when changing passwords via LDAP account manager, the password works, them when creating the SSHA-password with: https://projects.marsching.org/weave4j/util/genpassword.php
The OpenLDAP-Server runs on a vmWare vm with the following CPU ------------- processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 45 model name : Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz stepping : 7 microcode : 0x713 cpu MHz : 2294.250 cache size : 15360 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx hypervisor lahf_lm pti ibrs ibpb stibp tsc_adjust arat arch_capabilities bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown retbleed bogomips : 4588.50 clflush size : 64 cache_alignment : 64 address sizes : 43 bits physical, 48 bits virtual power management: ------------- Any idea? A log time ago I read something about problems with Entropy in vmWare but I can't remember what it was. Could this be my problem with argon2 and slappasswd?
Am 08.03.23 um 15:38 schrieb Stefan Kania:
I think I found the problem:
The host has a 12 year old CPU Intel Xeon E5-2630 . Together with argon2 as passwordhash there is a problem. As soon as I switrch to SSHA everything is working fine.
Can someone confirm it?
Thank's to Ulrich for pushing me in the right direction ;-)
Am 08.03.23 um 14:30 schrieb Stefan Kania:
Am 08.03.23 um 14:11 schrieb Ulrich Windl:
Maybe examine the compiler flags, compiler version and CPU running the binary.
I use the symas-packeages from repository. I did not compile it on my own ;-)