Hi William, I know that. But it would be great if for migration purposes the old hashes would work. I do not know the passwords of all users in the existing tree. What I would like to use afterwards is the
nsslapd-enable-upgrade-hash: on feature. So, is there a possibility to support SSHA hashes still on 2.4? Kind regards, Ralf Am Mi., 3. Juli 2024 um 02:33 Uhr schrieb William Brown <wbr...@suse.de>: > Do you actually have a real technical requirement for SSHA? In 2024 it is > functionally plaintext, so unless you have a true requirement to use SSHA, > then you should follow the secure defaults. > > > On 2 Jul 2024, at 22:25, Ralf Spenneberg <rspenneb...@gmail.com> wrote: > > > > Hi there, > > I am trying to update a ldap tree from 389ds 1.3.11 (centos7) to 2.4.5 > (almalinux9). After migrating the tree all passwords stop working including > the Directory Manager. The old tree used SSHA. Setting the > rootpwstoragescheme does not help for the Directory Manager. Only manually > resetting the passwords using pwdhash in the dse.ldif file and using a > PBKDF2-SHA512 password works. Is there a way to enable the old SSHA scheme? > > Kind regards, > > Ralf > > -- > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > > -- > Sincerely, > > William Brown > > Senior Software Engineer, > Identity and Access Management > SUSE Labs, Australia > > -- > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
