Follow up to [lsc-users] passwords, base64 and ldap 
<http://lists.lsc-project.org/pipermail/lsc-users/2016-May/002959.html> - and 
slightly off topic

I'm using openldap 2.4.40 as supplied in rpm on a CentOS 7.2 (x86_64) machine, 
combined with LDAP Account Manager and LSC to sync users from AD to LDAP.

So far, so good.  It works.  Obviously with separate passwords for LDAP and AD.

Problem is that we're trying to use SHA-512 for passwords.  This is working ok 
for local passwords (login.defs include ENCRYPT_METHOD SHA512), but the ldap 
structure for userPassword is storing SSHA.  How do I get it to encrypt and 
store SHA-512 passwords with one-way encryption?

Seems to be details available for older openldap (slapd) using slapd.conf for 
configuration, but this version doesn't and uses ldif files for configuration.

Also, following up the first post, is a 2-way encryption algorithm really a 
good way of storing a password?

Regards
Carl Wilson
MMS Support

Thales UK
Poseidon House, Ashurst Drive, Cheadle Heath, Stockport, SK3 0XB - UK
www.thalesgroup.com/uk

Tel: +44 (0)161 741 3840

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users