You know what?… That’s a good idea.
I’m so used to rolling my own (since 2005-ish) that I just keep doing things the same way.
We do have some custom schema files to add, but that shouldn’t be a problems.
I’ll give the Symas or LTB packages a try.

Thanks,
Scott

On Apr 5, 2023, at 11:30 AM, Quanah Gibson-Mount <quanah@fast-mail.org> wrote:



--On Wednesday, April 5, 2023 11:38 AM -0700 Scott Classen <sclassen@lbl.gov> wrote:

Hello,

According to: servers/slapd/pwmods/README.argon2

Building
--------

1) Customize the OPENLDAP variable in Makefile to point to the OpenLDAP
source root.

For initial testing you might also want to edit DEFS to define
SLAPD_ARGON2_DEBUG, which enables logging to stderr (don't leave this on
in production, as it prints passwords in cleartext).

2) Run 'make' to produce argon2.so

3) Copy argon2.so somewhere permanent.

4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:

moduleload ...path/to/argon2.so

5) Restart slapd.



When I run make from within servers/slapd/pwmods/ I get the following
error:

[user@machine openldap-2.6.4]# cd servers/slapd/pwmods/
[user@machine pwmods]# make
make: *** No rule to make target 'dummyvalue', needed by 'all-common'.
Stop.


I'm not sure what "dummyvalue" is supposed to be so I commented out
line 288 in servers/slapd/pwmods/Makefile

You might want to consider using the already built packages from Symas or the LTB project rather than rolling your own, both have argon2 support.

<https://repo.symas.com/>

<https://ltb-project.org/download.html>

However, the documentation you're reading is out of date, argon2 is just part of the normal build process now if you enable it with:

--enable-argon2

Perhaps file an ITS that that document needs updating, since it's incorrect.

--Quanah