All,
I found Quanah's response to a post (http://www.openldap.org/lists/openldap-devel/201411/msg00012.html), which brought up a question(s).
1) I have the olcModule pw-sha2.la loaded in "cn=module{0},cn=config"
2) Looking at Quanah's reply, in the link above, he states:
now, if you want to make something like say, SHA512 the default, then you need to modify the frontend config db:
dn: olcDatabase={-1},cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW attribute shows {SSHA}, is that going to modify current password hashes or only going forward?
I tried the above, on cn=config, but received the following error
"According to the schema attribute olcPasswordHash is not allowed"
Thanks in advance,
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Email: john.borresen@ll.mit.edu
Borresen, John - 0444 - MITLL wrote:
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW attribute shows {SSHA}, is that going to modify current password hashes or only going forward?
It affects only new passwords generated. Old password hashes of various schemes still work.
Ciao, Michael.
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
is stumping me. Not sure what schema, if any, to add.
Thanks in advance.
John D. Borresen (Dave) Ph: (781) 981-1609 Email: john.borresen@ll.mit.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Michael Ströder
Sent: Tuesday, February 23, 2016 3:59 PM
To: Borresen, John - 0444 - MITLL; openldap-technical@openldap.org
Subject: Re: PasswordHash
Borresen, John - 0444 - MITLL wrote:
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW attribute shows {SSHA}, is that going to modify current password hashes or only going forward?
It affects only new passwords generated. Old password hashes of various schemes still work.
Ciao, Michael.
Borresen, John - 0444 - MITLL wrote:
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
    ^^^^^^^^^^^^^^^^^
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
I'd try "dn: olcDatabase={-1}frontend,cn=config" instead.
Ciao, Michael.
Thanks Michael...
I just found a post from Quanah from 2008 stating that...and it worked.
Thanks for your help!
John D. Borresen (Dave) Email: john.borresen@ll.mit.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Michael Ströder
Sent: Wednesday, February 24, 2016 1:04 PM
To: Borresen, John - 0444 - MITLL; openldap-technical@openldap.org
Subject: Re: PasswordHash
Borresen, John - 0444 - MITLL wrote:
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
    ^^^^^^^^^^^^^^^^^
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
I'd try "dn: olcDatabase={-1}frontend,cn=config" instead.
Ciao, Michael.
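Added example (not from the thread participants or the OpenLDAP project): a Python sketch of why changing olcPasswordHash affects only newly generated passwords, as stated in the thread. Each stored value carries its own scheme prefix, and the verifier selects the algorithm from that prefix rather than from the configured default. The function names and the 8-byte salt length are assumptions of this example; the layout is prefix plus base64(digest || salt).

```python
import base64
import hashlib
import hmac
import os

# Scheme prefix -> (hashlib algorithm, digest length in bytes).
# {SSHA} is built into slapd; {SSHA512} comes from the pw-sha2 module.
SCHEMES = {"{SSHA}": ("sha1", 20), "{SSHA512}": ("sha512", 64)}


def make_hash(password, scheme, salt=None):
    """Build a stored value: scheme prefix + base64(digest || salt)."""
    algo, _ = SCHEMES[scheme]
    if salt is None:
        salt = os.urandom(8)  # salt length is this example's choice
    digest = hashlib.new(algo, password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a password using the scheme named in the stored value itself."""
    head, sep, b64 = stored.partition("}")
    scheme = (head + sep).upper()  # scheme names compared case-insensitively
    if scheme not in SCHEMES:
        return False  # unknown scheme (for example, module not loaded)
    algo, dlen = SCHEMES[scheme]
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    if len(raw) <= dlen:
        return False  # truncated value or missing salt
    digest, salt = raw[:dlen], raw[dlen:]
    candidate = hashlib.new(algo, password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def change_password(new_password, default_scheme):
    """A password change hashes with the configured default scheme."""
    return make_hash(new_password, default_scheme)


if __name__ == "__main__":
    old = make_hash(b"old-secret", "{SSHA}")  # constructed sample value
    new = change_password(b"new-secret", "{SSHA512}")  # after the default changes
    print("old value still verifies:", verify(b"old-secret", old))
    print("new value scheme:", new.split("}")[0] + "}", verify(b"new-secret", new))
```

An existing {SSHA} value is only replaced by a {SSHA512} value when that password is next changed.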