
I have a CentOS 7 server running slapd 2.4.44 and I'd like to modify the default hashing algorithm being used. Instead of using SSHA, I'd like to use SHA-256 or SHA-512.

I've been having trouble finding documentation on this and I'd like to ask if anyone can provide a link to any resources to put me on the right track.

I've read a few articles that mentioned using CRYPT to instruct OpenLDAP to use a strong encryption scheme but bash returns an error when I try those commands.

For example, I entered the following at the terminal:

password-hash {CRYPT} password-crypt-salt-format "$6$%.16s"

"bash: password-hash: command not found..."

Is there a file I should be modifying instead?

Thanks!

  • I built a .conf file named "hash.conf" & a directory named "hash.d" in the /etc/openldap directory. I populated the .conf file with the same olc database info as the example (I believe I'm using the same database). After running "slaptest -f hash.conf -F hash.d" as root I get an error: "5e839b08 hash.conf: line 1: unknown directive outside backend info and database definitions. slaptest: bad configuration directory!" – redhatsamurai Mar 31 '20 at 19:30
  • It seems that you misunderstood how newer versions of OpenLDAP manage their config - it's no longer in config files, now OpenLDAP is set up the same way as the data it manages, with LDIF files and the ldap* tools. Please read the link yoonix posted again. – fuero Apr 13 '20 at 20:39
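
For reference, the two slapd.conf directives quoted in the question map to cn=config attributes, as the last comment indicates. The LDIF below is an added example, not part of the original post; it assumes the server uses the cn=config (slapd.d) backend with local root access over ldapi, and `hash.ldif` is a hypothetical file name.

```ldif
# Added example (not from the original post).
# Apply as root on the LDAP server, assuming cn=config is in use:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f hash.ldif
# (hash.ldif is a hypothetical file name for this content)

# Global setting: salt template passed to crypt(3).
# "$6$" selects SHA-512 crypt on glibc; "$5$" would select SHA-256 crypt.
# "%.16s" is filled with 16 random salt characters.
dn: cn=config
changetype: modify
replace: olcPasswordCryptSaltFormat
olcPasswordCryptSaltFormat: $6$%.16s

# Frontend database: scheme used when slapd itself hashes a password,
# i.e. during the Password Modify extended operation (ldappasswd).
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {CRYPT}
```

Existing userPassword values keep their old {SSHA} hashes until each password is changed through the Password Modify operation, and clients that write a pre-hashed userPassword bypass this setting entirely.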

0 Answers