[email protected] wrote: > --On Tuesday, January 13, 2015 7:24 PM +0000 Jonathan Price > <[email protected]> wrote: > >> I do apologise for the confusion, I'll try to clarify below: >> >> Here is the command you ran successfully: >> /opt/zimbra/openldap/sbin/slappasswd -h >> '{SSHA512}' -o module-path=/opt/zimbra/openldap/sbin/openldap -o >> module-load=pw-sha2 -s test >> {SSHA512}TSwAWmK3sv42RbAasugMPR8d7GLozXtKU00v5Jdd4ebmXBsOpt5We5HNkXxFfy5 >> Ptaoa/KUsmTV5484NA3UmrHrOpyUVnEh9 >> >> Here is an example of me running just a plain SHA512 >> slappasswd -h '{SHA512}' -o module-path=/usr/local/libexec/openldap -o >> module-load=pw-sha2 >> {SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUN >> zLDBMxfqa2Ob1f1ACio/w== >> >> And here is an example of me running a salted SHA512 (SSHA512) >> slappasswd -h '{SSHA512}' -o module-path=/usr/local/libexec/openldap -o >> module-load=pw-sha2 -s test >> Password verification failed. >> >> I hope this helps to clarify. > > Yes, thank you. So I'm using 2.4.39. There were some minor changes to > slapd-sha2 in 2.4.40. I will see if I can reproduce the issue with current > RE24.
I have a FreeBSD 9 VM here with 2.4.40 installed from ports. Both SHA512 and SSHA512 work fine on it. Doesn't look to me like there's any OpenLDAP bug here, this is one for the FreeBSD folks to sort out. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
