Re: Argon2-Support or secure hashing

Fri, 14 Apr 2023 12:55:07 -0700 

Hello Quanah,

thank you for your response.
I read through the documentation and I verified that in the path "/usr/lib/ldap" under olcModulePath there are Argon2 files. 

argon2-2.5.so.0
argon2-2.5.so.0.1.9
argon2.la
argon2.so

Further there is already a module loaded "{0}back_mdb".

Sadly I always get an error when trying to add the Argon2-Module "[LDAP 
result code 80 - other] cannot delete olcModuleLoad"


I list the things I tried setting as a new value in olcModuleLoad

Each from the list above
Each from the list above with {1} in the beginning
Each from the list above with {} and {0}


I do not understand why this is happening as I am not trying to delete 
any module, I try to set a new value in addition to back_mdb. I checked, 
that this is also happening with any other module in the Path.


Many kind regards,
Lukas

Am 14.04.2023 um 20:08 schrieb Quanah Gibson-Mount:




--On Thursday, April 13, 2023 9:05 PM +0000 Lukas Adrian Kron 
<lukask...@posteo.de> wrote:




Hi dear,


I was able to find out the Version. On Ubuntu 20.04 
2.4.49+dfsg-2ubuntu1.9

 Which is the newest avaliable through apt-tools. As Argon-2 was not

installed there I launched a new testing environment on Ubuntu 22.04 
with

Version

/usr/sbin/slapd -VV
 @(#) $OpenLDAP: slapd 2.5.14+dfsg-0ubuntu0.22.04.2 (Mar 12 2023
17:11:53) $
         Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>


Which also is the newest version I am able to install on this Ubuntu-V.
 Even though it should work in theory when I try to set {ARGON2} or
{PBKDF2} in olcDatabase={-1}frontend or any other cn=config with
olcPasswordHash I get LDAP result code 80 - other<olcPasswordHash> no
valid hashes found.

Besides that this is now a clean installation with no further
configuration.




Ubuntu builds those extensions as modules.  If you haven't loaded them 
in your configuration, you can't use them.  Please read the 
documentation:



<https://www.openldap.org/software/man.cgi?query=slapd-config&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html> 



Specifically the portion on "Dynamic Module Options"


I also advise reading 
<https://www.openldap.org/software/man.cgi?query=slappw-argon2&apropos=0&sektion=5&manpath=OpenLDAP+2.5-Release&arch=default&format=html> 
to see how to use it with command line utilities such as slappasswd.


--Quanah
























					Reply via email to