--On Monday, December 5, 2022 8:02 AM +0100 Ulrich Windl
Examining changes of the database via LDIF, I noticed one thing:
I had thought that the encoded SSHA passwords all have the same length.
Could it depend on the program being used to vhnage the password, thus
varying the length of salt? How could I decode that?
(not that the example is not a real one (some characters permutated), so
don't waste your time trying to crack it)
The first SSHA hash looks like it was created by something other than
OpenLDAP via an ldap password v3 modifiation. Do you have processes doing
direct modifications to the userPassword attribute? Or, are you sure that
in the first case, it wasn't:
In either case, SSHA is not particularly secure I'd strongly advise
a) slapd does the password hashing
b) slapd is updated to use a strong hashing method