--On Thursday, July 16, 2020 11:08 PM +0200 Jehan PROCACCIA jehan.procaccia@imtbs-tsp.eu wrote:
Is there a problem with SSHA-512 hashed userPassword ? Maybe something one the client or server side must be set to use SSHA-512 ?
Three things:
a) For ldap binds to work with SSHA512, the pw-sha2 module must be loaded in slapd
b) Passwords should be changed via an LDAP v3 password modify option. This requires the 2.0.0-M15 (or later) release of Apache Directory Studio, and doing so is obtuse with the way it's currently implemented (See also https://issues.apache.org/jira/browse/DIRSTUDIO-648)
c) No client should care how userPassword is stored. If it does, then the client is implemented incorrectly.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com