On Tue, 2020-06-16 at 08:47 -0400, John Stoffel wrote:
>
> Jeffrey> Thanks for your reply! We already found the issue, we're using a
> Jeffrey> special character in our salt which isn't allowed (anymore?). After
> Jeffrey> changing the salt, LDAP authentication is working again on Ubuntu
> Jeffrey> Focal.
>
> Great news, can you post more details so that others don't run into
> the same problem? Knowing the salt value isn't a bad thing....
>

Of course! We generated a unique salt for each password with the characters: "A-Za-z0-9./~=[];':!-()". This worked fine for years, until the upgrade to Ubuntu Focal.

After (long) debugging, we found out that only the following characters are accepted for generating a valid salt: "./0-9A-Za-z".

So if you generate a salt for SHA, only use these characters: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".
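
An added example, not part of the original message: a Python sketch that generates salts from the accepted alphabet and audits stored values for salts that would be rejected. It assumes the passwords are stored in the crypt(3) SHA layout `{CRYPT}$6$salt$hash` (optionally with `rounds=N$`); the function names and sample entries are constructed for illustration.

```python
import secrets
import string

# Alphabet the post reports as accepted for salts: "./0-9A-Za-z" (64 characters).
SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
SHA_CRYPT_IDS = {"5", "6"}  # $5$ = SHA-256 crypt, $6$ = SHA-512 crypt

def generate_salt(length=16):
    """Return a random salt drawn only from SALT_ALPHABET."""
    if not 1 <= length <= 16:  # SHA-crypt uses at most 16 salt characters
        raise ValueError("salt length must be between 1 and 16")
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))

def extract_salt(stored):
    """Return the salt of '[{CRYPT}]$id$[rounds=N$]salt$hash', or None if not SHA-crypt."""
    if stored.upper().startswith("{CRYPT}"):
        stored = stored[len("{CRYPT}"):]
    parts = stored.split("$")
    if len(parts) >= 5 and parts[2].startswith("rounds="):
        del parts[2]  # skip the optional rounds field
    if len(parts) < 4 or parts[0] != "" or parts[1] not in SHA_CRYPT_IDS:
        return None
    return parts[2]

def invalid_salt_chars(stored):
    """Sorted characters in the salt outside SALT_ALPHABET (None if not SHA-crypt)."""
    salt = extract_salt(stored)
    return None if salt is None else sorted(set(salt) - set(SALT_ALPHABET))

def audit(entries):
    """Map uid -> offending salt characters for every entry that needs a new salt."""
    return {uid: bad for uid, s in entries.items() if (bad := invalid_salt_chars(s))}

# Constructed sample entries; "HASH" stands in for the real digest.
SAMPLE = {
    "alice": "{CRYPT}$6$aB3./xYz09QwErTy$HASH",
    "bob": "{CRYPT}$6$ab~c=d$HASH",
    "carol": "{CRYPT}$6$rounds=5000$sa:lt$HASH",
    "dave": "{SSHA}HASH",
}

if __name__ == "__main__":
    for uid, bad in audit(SAMPLE).items():
        print(f"{uid}: salt contains rejected characters {bad}")
    print("replacement salt:", generate_salt())
```

Entries flagged by `audit` cannot be repaired in place, because the salt is an input to the hash; those users need a password reset that produces a new salt and digest.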
