docker-openldap
sha512 is not working for inetOrgPerson
I set up a few users with a SHA512 password, e.g.:

```ldif
dn: cn=foo,cn=users,dc=bar,dc=com
cn: foo
gidnumber: 500
givenname: Foo
homedirectory: /home/users/foo
mail: [email protected]
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Test
uid: foo
uidnumber: 1002
userpassword: {SHA512}0D6uKWnyA2oU3xvnW7m5Rc2e+YNv3lbhPYisfBamreqqzkpiblhSDe
 7UTyfTIU9RbWfpxn+Cnq3kLIfuXyK0lQ==
```
I can't log in with:

```
root@df5640e56d9d:/# ldapwhoami -vvv -H ldapi:/// -D cn=foo,cn=users,dc=bar,dc=com -x -w mypassword
ldap_initialize( ldapi:///??base )
ldap_bind: Invalid credentials (49)
```

As soon as I switch the hashing function (sha1), I can log in properly.
Pull request welcome to add overlay slapo-pw-sha2 :)
There is pw-sha already built in the last OpenLDAP release. You just need to turn it on in `dn: cn=module{0},cn=config`.

The LDIF could be:

```ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2
-
```
@konstantinbarkalov Thanks!
@konstantinbarkalov, how can I turn it on? When I log in with the config password, it fails on import:
OK, I logged into the server and created the file file.ldif:

```ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2
-
```

And then executed the following command:

```
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f file.ldif
```

To create the pw:

```
slappasswd -h '{SHA512}' -o module-load=pw-sha2
```
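An added example, not part of the original thread: a `{SHA512}` value is the base64 of the raw SHA-512 digest, and the salted `{SSHA512}` variant appends the salt to the digest before encoding. The sketch below builds both and checks a stored `userPassword` value offline, including one folded across LDIF lines, which helps separate a wrong hash from a server that has not loaded `pw-sha2`. The function names, the 8-byte salt and the sample password are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = 64  # SHA-512 digest size in bytes


def make_sha512(password):
    """Unsalted {SHA512}: base64 of the raw digest (same password, same value)."""
    digest = hashlib.sha512(password.encode()).digest()
    return "{SHA512}" + base64.b64encode(digest).decode()


def make_ssha512(password, salt=None):
    """Salted {SSHA512}: base64 of sha512(password + salt) followed by the salt."""
    salt = os.urandom(8) if salt is None else salt  # salt length chosen for this example
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()


def unfold(value):
    """Join an LDIF value folded across lines (continuation lines start with one space)."""
    first, *rest = value.splitlines()
    return first + "".join(line[1:] for line in rest if line.startswith(" "))


def verify(password, stored):
    """Return True if password matches a {SHA512} or {SSHA512} userPassword value."""
    scheme, _, b64 = unfold(stored).partition("}")
    scheme = scheme.lstrip("{").upper()
    if scheme not in ("SHA512", "SSHA512"):
        raise ValueError(f"unsupported scheme: {scheme!r}")
    raw = base64.b64decode(b64, validate=True)
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if len(digest) != DIGEST_LEN or (scheme == "SHA512" and salt):
        raise ValueError("malformed hash value")
    expected = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    stored = make_sha512("mypassword")  # constructed sample, not the hash from the thread
    folded = stored[:60] + "\n " + stored[60:]  # folded the way LDIF wraps long values
    print(verify("mypassword", folded), verify("wrong", folded))
    print(make_ssha512("mypassword"))
```

The unsalted form yields the same value for the same password on every account, so identical passwords are visible in a directory dump; the salted form does not have that property.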