--On Monday, November 24, 2014 12:22 PM +0100 Onno van der Straaten onno.van.der.straaten@gmail.com wrote:
sudo make install
I'd generally advise you really read over the options to configure, and build a better set of binaries. For example, leave out back-bdb/hdb, and enable building things modularly.
My options are:
--with-cyrus-sasl \
--with-tls=openssl \
--enable-dynamic \
--enable-slapd \
--enable-modules \
--enable-backends=mod \
--disable-shell \
--disable-sql \
--disable-bdb \
--disable-hdb \
--disable-ndb \
--enable-overlays=mod \
--enable-debug \
--enable-spasswd \
--enable-crypt; \
Make the sha2 module

cd ~/openldap/contrib/slapd-modules/passwd/sha2
sed -i.bak 's/-Wall -g/-Wall -g -fPIC/g' Makefile
make
I do:
(cd openldap-$(LDAP_VERSION)/contrib/slapd-modules/passwd/sha2; \
$(MAKE) prefix=/usr/local LIBS="-L$(LDAP_LIB_DIR) -lldap_r -llber" install STRIP=""; \
)
And then it installs it for me in the same location. Just make sure you use the same prefix here.
This results in a number of files: pw-sha2.la sha2.lo sha2.o slapd-sha2.lo slapd-sha2.o
The question now is how to install this on my target OpenLDAP server. I put the files in /usr/lib64/openldap and then tried to add the following:

dn: cn=module{0},cn=config
changetype: modify
replace: olcModuleLoad
olcModuleLoad: slapd-sha2.la
I'm not sure that replacing olcModuleLoad is correct. If you already have values in there, you probably want to keep them. I generally *add* an additional value. In any case, your value for the attribute is incorrect. The .la file is named, as in your email, pw-sha2.la, not slapd-sha2.la. If you want to add it as an additional module to load, then you would do

changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2.la
My loaded modules are:
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/zimbra/openldap/sbin/openldap
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}back_monitor.la
olcModuleLoad: {2}syncprov.la
olcModuleLoad: {3}accesslog.la
olcModuleLoad: {4}dynlist.la
olcModuleLoad: {5}unique.la
olcModuleLoad: {6}noopsrch.la
olcModuleLoad: {7}pw-sha2.la
for example.
Now, if you want to make something like, say, SHA512 the default, then you need to modify the frontend config db:

dn: olcDatabase={-1},cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
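
An added example, not part of the original message or of OpenLDAP's own code: once olcPasswordHash is set to {SSHA512} as described above, this Python code builds and checks values in the salted SHA-512 layout (base64 of the digest followed by the salt), so newly written userPassword values can be confirmed to use the new scheme. The function names and the 8-byte salt used when generating are assumptions of this example; verification accepts any salt length.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def scheme_of(stored: str) -> str:
    """Return the scheme prefix of a userPassword value, or '' for cleartext."""
    if stored.startswith("{") and "}" in stored:
        return stored[: stored.index("}") + 1].upper()
    return ""


def ssha512_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build {SSHA512}base64(SHA512(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption of this example: 8-byte random salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha512_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA512} value."""
    if scheme_of(stored) != SCHEME:
        return False  # e.g. still {SSHA}: the entry predates the new default
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False  # malformed base64
    if len(raw) <= DIGEST_LEN:
        return False  # no salt bytes after the digest
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    value = ssha512_hash("constructed-sample-password")  # constructed input
    print(value)
    print(ssha512_verify("constructed-sample-password", value))
```

In an LDIF export the userPassword attribute is usually base64-encoded as a whole (userPassword::), so decode that outer layer first and pass the resulting {SSHA512}... string to these functions.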