--On Wednesday, November 4, 2020 4:32 PM +0000 "Thangavel, Parameswaran" Parameswaran.Thangavel@rsa.com wrote:
> We hash on the application side (Java) before persisting it into the table. We use SSHA256. At a high level, below is the pseudocode of the hashing.
With OpenLDAP, you should let the LDAP server do the hashing rather than some external application, and ensure that an LDAPv3 Password modify extended operation is being used.
I would suggest loading the pw-sha2 contrib module as a part of your OpenLDAP configuration and seeing if it can work with the hashes created by your Java application.
I don't know whose OpenLDAP binary build you're using so it's difficult to say much beyond that, but the pw-sha2 module is generally included with RH, Debian, and Ubuntu builds of OpenLDAP.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
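
Added example, not part of the original message and not OpenLDAP code: a Python check of whether an application-generated value follows the {SSHA256} layout that pw-sha2 verifies, base64(SHA-256(password + salt) + salt). The function names, the 8-byte salt and the sample inputs are assumptions constructed for illustration, and the salt-first variant is a hypothetical incompatible encoder, not the Java application's actual code.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

def make_ssha256(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a value in the digest-then-salt layout: base64(SHA256(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # 8-byte salt: assumption
    digest = hashlib.sha256(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def salt_first_variant(password: bytes, salt: bytes) -> str:
    """Hypothetical incompatible encoder: hashes the salt before the password."""
    digest = hashlib.sha256(salt + password).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def check_ssha256(stored: str, password: bytes) -> bool:
    """Return True only if `stored` verifies under the digest-then-salt layout."""
    if not stored.upper().startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:  # nothing after the digest, so no salt
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    pw, salt = b"secret", b"12345678"
    good = make_ssha256(pw, salt)
    bad = salt_first_variant(pw, salt)
    print(good, check_ssha256(good, pw))
    print(bad, check_ssha256(bad, pw))
```

Running a few known password/hash pairs exported from the application through a check like this shows whether the stored values can be verified by the server as they are.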