--On Wednesday, November 4, 2020 4:32 PM +0000 "Thangavel, Parameswaran"
<Parameswaran.Thangavel(a)rsa.com> wrote:

> We hash at the application side (Java) before persisting it into the
> table. We use SSHA256. At a high level, below is the pseudo code of hashing.

With OpenLDAP, you should let the LDAP server do the hashing rather than
some external application, and ensure that an LDAPv3 Password modify
extended operation is being used.

I would suggest loading the pw-sha2 contrib module as a part of your
OpenLDAP configuration and seeing if it can work with the hashes created by
your Java application.

I don't know whose OpenLDAP binary build you're using so it's difficult to
say much beyond that, but the pw-sha2 module is generally included with RH,
Debian, and Ubuntu builds of OpenLDAP.

Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
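
An added example, not part of the original message and not OpenLDAP's own code: one way to check offline whether application-generated values would verify under pw-sha2's `{SSHA256}` scheme. It assumes the stored layout is the scheme prefix followed by base64(SHA256(password || salt) || salt); the function names and the sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_ssha256(password, salt=None):
    """Build a userPassword value: scheme + base64(SHA256(password+salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha256(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha256(value):
    """Split a stored value into (digest, salt); raise ValueError if malformed."""
    if not value.upper().startswith(SCHEME):
        raise ValueError("missing {SSHA256} scheme prefix")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt bytes after the 32-byte digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def diagnose(value, password):
    """Report which input ordering, if any, reproduces the stored digest."""
    digest, salt = parse_ssha256(value)
    candidates = {
        "password+salt": password + salt,  # layout assumed for pw-sha2
        "salt+password": salt + password,  # variant an application might use
    }
    for name, data in candidates.items():
        if hmac.compare_digest(hashlib.sha256(data).digest(), digest):
            return name
    return "no match"


if __name__ == "__main__":
    # Constructed sample input, not taken from any real directory.
    sample = make_ssha256(b"s3cret-example", b"saltsalt")
    print(sample, "->", diagnose(sample, b"s3cret-example"))
```

A result of `salt+password` or `no match` for a known test password means the application's hashes will not verify under this layout and the affected passwords would need to be reset through the server.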