On 19/05/2016 16:42, WILSON Carl wrote:
> Follow up to [lsc-users] passwords, base64 and ldap
> <http://lists.lsc-project.org/pipermail/lsc-users/2016-May/002959.html>
> and slightly off topic.
>
> I'm using openldap 2.4.40 as supplied in rpm on a CentOS 7.2 (x86_64)
> machine, combined with LDAP Account Manager and LSC to sync users from
> AD to LDAP.
>
> So far, so good. It works. Obviously with separate passwords for
> LDAP and AD.
>
> Problem is that we're trying to use SHA-512 for passwords. This is
> working ok for local passwords (login.defs includes ENCRYPT_METHOD
> SHA512), but the ldap structure for userPassword is storing SSHA. How
> do I get it to encrypt and store SHA-512 passwords with one-way
> encryption?

You need the sha2 module compiled in OpenLDAP; I don't know if it's
available in CentOS packages. You can use LTB OpenLDAP packages to have it.

> Seems to be details available for older openldap (slapd) using
> slapd.conf for configuration, but this version doesn't and uses ldif
> files for configuration.
>
> Also, following up the first post, is a 2-way encryption algorithm
> really a good way of storing a password?

You mean symmetric encryption? Of course it's not a good way for storing
passwords.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
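For readers of this thread: the `{SSHA}` values Carl sees are salted SHA-1, slapd's default scheme, and the `{SSHA512}` scheme Clément points to is provided by the `pw-sha2` module (loaded as an overlay module in cn=config, with `olcPasswordHash` then set to `{SSHA512}`). The script below is an added example, not code from the thread, from LSC or from OpenLDAP. It produces and verifies `userPassword` values in the pw-sha2 storage layout, base64 of `SHA-512(password || salt) || salt`, and also verifies the default `{SSHA}` layout so the two can be compared. The 8-byte salt length and the sample passwords are constructed choices for the example; slapd's own salt length is not taken from this thread.

```python
import base64
import hashlib
import hmac
import os

SCHEME_SSHA512 = "{SSHA512}"
SCHEME_SHA512 = "{SHA512}"

# Digest lengths used to split "digest || salt" on verification.
DIGEST_LEN = {"SSHA512": 64, "SHA512": 64, "SSHA": 20, "SHA": 20}


def ssha512_hash(password: str, salt: bytes = None) -> str:
    """Return a salted, one-way {SSHA512} userPassword value.

    Layout (pw-sha2 module): base64(SHA-512(password || salt) || salt).
    A fresh random salt means two users with the same password get
    different stored values, so one cracked hash says nothing about the rest.
    """
    if salt is None:
        salt = os.urandom(8)  # constructed choice of salt length for this example
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME_SSHA512 + base64.b64encode(digest + salt).decode("ascii")


def sha512_hash(password: str) -> str:
    """Return an unsalted {SHA512} value (supported, but weaker than {SSHA512})."""
    digest = hashlib.sha512(password.encode("utf-8")).digest()
    return SCHEME_SHA512 + base64.b64encode(digest).decode("ascii")


def split_userpassword(stored: str):
    """Split '{SCHEME}base64' into (scheme, digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix; value would be stored in cleartext")
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in DIGEST_LEN:
        raise ValueError(f"unsupported scheme {scheme!r}")
    blob = base64.b64decode(b64)
    n = DIGEST_LEN[scheme]
    # Unsalted schemes carry no trailing salt bytes.
    return scheme, blob[:n], blob[n:]


def salt_of(stored: str) -> bytes:
    """Recover the salt appended to a salted hash (empty for unsalted schemes)."""
    return split_userpassword(stored)[2]


def verify_userpassword(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored one-way hash.

    The stored value is never decrypted: the candidate is hashed with the
    recovered salt and compared in constant time.
    """
    scheme, digest, salt = split_userpassword(stored)
    data = candidate.encode("utf-8") + salt
    if scheme in ("SSHA512", "SHA512"):
        computed = hashlib.sha512(data).digest()
    else:  # SSHA / SHA: the slapd default, salted or plain SHA-1
        computed = hashlib.sha1(data).digest()
    return hmac.compare_digest(digest, computed)


if __name__ == "__main__":
    # Constructed sample: same password for two accounts, different salts.
    a = ssha512_hash("correct horse battery")
    b = ssha512_hash("correct horse battery")
    print(a)
    print(b)
    print("same password, distinct hashes:", a != b)
    print("verify ok:", verify_userpassword(a, "correct horse battery"))
    print("verify wrong:", verify_userpassword(a, "wrong"))
```

Run it directly to see two `{SSHA512}` values for one password. The verification path is the point of the thread's second question: with a one-way hash the server only ever recomputes and compares, whereas a reversibly encrypted `userPassword` is only as safe as the key sitting on the same host.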