Follow up to [lsc-users] passwords, base64 and ldap <http://lists.lsc-project.org/pipermail/lsc-users/2016-May/002959.html> - and slightly off topic
I'm using openldap 2.4.40 as supplied in rpm on a CentOS 7.2 (x86_64) machine, combined with LDAP Account Manager and LSC to sync users from AD to LDAP.

So far, so good. It works. Obviously with separate passwords for LDAP and AD.

Problem is that we're trying to use SHA-512 for passwords. This is working ok for local passwords (login.defs includes ENCRYPT_METHOD SHA512), but the ldap structure for userPassword is storing SSHA. How do I get it to encrypt and store SHA-512 passwords with one-way encryption?

Seems to be details available for older openldap (slapd) using slap.conf for configuration, but this version doesn't and uses ldif files for configuration.

Also, following up the first post, is a 2-way encryption algorithm really a good way of storing a password?

Regards

Carl Wilson
MMS Support
Thales UK
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
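An added example, not part of the original message or of the LSC project: a small Python audit helper that decodes a `userPassword` value as it appears in LDIF output, reports which storage scheme it uses ({SSHA} versus {CRYPT} with the `$6$` SHA-512 prefix), and checks a password against an {SSHA} value. The function names, sample password, salt and placeholder crypt string are all constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an OpenLDAP {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def decode_ldif_value(line: str) -> str:
    """Return the value of one LDIF line; '::' marks base64 transport encoding."""
    _attr, _sep, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode()
    return rest.strip()

def classify(value: str) -> str:
    """Name the storage scheme of a userPassword value."""
    if not value.startswith("{"):
        return "cleartext or unknown"
    scheme, _, body = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "SSHA":
        return "salted SHA-1"
    if scheme == "CRYPT":
        # crypt(3) identifier prefixes used by glibc
        for prefix, name in (("$6$", "sha512-crypt"), ("$5$", "sha256-crypt"),
                             ("$1$", "md5-crypt")):
            if body.startswith(prefix):
                return name
        return "crypt(3), other"
    return scheme.lower()

def verify_ssha(value: str, password: bytes) -> bool:
    """Recompute the salted SHA-1 digest and compare in constant time."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

# Constructed sample data (not taken from any real directory).
SAMPLE_PASSWORD = b"constructed-example-pw"
SAMPLE_STORED = make_ssha(SAMPLE_PASSWORD, b"\x01\x02\x03\x04")
SAMPLE_LINE = "userPassword:: " + base64.b64encode(SAMPLE_STORED.encode()).decode()
SAMPLE_CRYPT = "{CRYPT}$6$examplesalt$PLACEHOLDERHASH"  # placeholder, not a real hash

if __name__ == "__main__":
    value = decode_ldif_value(SAMPLE_LINE)
    print(value, "->", classify(value))
    print(SAMPLE_CRYPT, "->", classify(SAMPLE_CRYPT))
```

The base64 layer on the LDIF line is only a transport encoding of the attribute value; the scheme prefix inside it is what identifies how the password is hashed.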

