Did setup a few users with a SHA512 password:
eg:
dn: cn=foo,cn=users,dc=bar,dc=com
cn: foo
gidnumber: 500
givenname: Foo
homedirectory: /home/users/foo
mail: [email protected]
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Test
uid: foo
uidnumber: 1002
userpassword: {SHA512}0D6uKWnyA2oU3xvnW7m5Rc2e+YNv3lbhPYisfBamreqqzkpiblhSDe
7UTyfTIU9RbWfpxn+Cnq3kLIfuXyK0lQ==
I can't login with:
root@df5640e56d9d:/# ldapwhoami -vvv -H ldapi:/// -D cn=foo,cn=users,dc=bar,dc=com -x -w mypassword
ldap_initialize( ldapi:///??base )
ldap_bind: Invalid credentials (49)
As soon as I switch hashing function (sha1), I can login properly.
Pull request welcome to add overlay slapo-pw-sha2 :)
There is pw-sha already builded in last openLDAP release. You just need to turn it on in
dn: cn=module{0},cn=config
ldif could be:
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2
-
@konstantinbarkalov Thanks!
Most helpful comment
There is
pw-shaalready builded in last openLDAP release. You just need to turn it on indn: cn=module{0},cn=configldif could be: