On 3/22/21 8:20 AM, Dario García Díaz-Miguel wrote:
You should challenge this stupid policy. Not only because of password hashing, but also because release 2.4.46 is three years old. Newer OpenLDAP releases have many important fixes.>
Well we are not allowed to challenge any policy due to the sensitive nature of the project.
I'm often involved in sensitive projects with really strict regulations. Be assured you can challenge such a stupid policy by just making clear that the OS packages are not fully maintained anymore which pretty likely violates some of the security regulations.
And if you have an audit team in place you just have to follow a well-defined change management process. Well, most times you have to define such a process yourself and explain it to the audit team. ;-)
Ciao, Michael.