Hi,
please find attached an additional patch that documents the module's options.
Thanks for hinting me at them.
Please also have a look at upstream's ITS#9206:
https://bugs.openldap.org/show_bug.cgi?id=9206[1]
It consolidaes the libsodium implementation with the libargon2 one by
- setting the algorithm to Argon2 (instead of leaving it to libsodium)
- using kiB for the memory parameter
Thanks for maintaining OpenLDAP in Debian (and supporting upstream)
Peter
PS: hopefully these recent patches get merged into upstream earlier
than some of my earlier ones, which took 5 years ;-)
--
Peter Marschall
pe...@adpm.de
--------
[1] https://bugs.openldap.org/show_bug.cgi?id=9206
>From a911ad564c0bc215e012e19d56d07af70ce9bd26 Mon Sep 17 00:00:00 2001
From: Peter Marschall <pe...@adpm.de>
Date: Tue, 7 Apr 2020 11:15:53 +0200
Subject: [PATCH 3/3] contrib/passwd/argon2: update manual page
* document implemented options
* use correct tags for mail addresses and URLs
Signed-off-by: Peter Marschall <pe...@adpm.de>
---
.../passwd/argon2/slapd-pw-argon2.5 | 43 ++++++++++++++++---
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/contrib/slapd-modules/passwd/argon2/slapd-pw-argon2.5 b/contrib/slapd-modules/passwd/argon2/slapd-pw-argon2.5
index a8b6a8022..8df55f0af 100644
--- a/contrib/slapd-modules/passwd/argon2/slapd-pw-argon2.5
+++ b/contrib/slapd-modules/passwd/argon2/slapd-pw-argon2.5
@@ -8,8 +8,8 @@ slapd-pw-argon2 \- Argon2 password module to slapd
ETCDIR/slapd.conf
.RS
.LP
-.B moduleload
-.B pw-argon2
+.B moduleload pw-argon2
+.RI [ <parameters> ]
.RE
.SH DESCRIPTION
.LP
@@ -28,7 +28,28 @@ for use in slapd.
.SH CONFIGURATION
The
.B pw-argon2
-module does not need any configuration.
+module does not need any configuration,
+but it can be configured by giving the following parameters:
+.TP
+.BI m= <memory>
+Set memory usage to
+.I <memory>
+kiB.
+If not given, it defaults to
+.BR 4096 .
+.TP
+.BI p= <parallelism>
+Set parallelism to
+.I <parallelism>
+threads.
+If not given, it defaults to
+.BR 1 .
+.TP
+.BI t= <iterations>
+Set the number of iterations to
+.IR <iterations> .
+If not given, it defaults to
+.BR 3 .
.LP
After loading the module, the password scheme
.B {ARGON2}
@@ -43,7 +64,7 @@ option in
.BR slapd.conf (5):
.RS
.LP
-.BR password-hash {ARGON2}
+.B password\-hash {ARGON2}
.RE
.LP
@@ -84,14 +105,22 @@ userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFla
.BR slappasswd (8),
.BR ldap (3),
.LP
-"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.UR http://www.OpenLDAP.org/doc/
+"OpenLDAP Administrator's Guide"
+.UE
.LP
.SH ACKNOWLEDGEMENTS
This manual page has been written by Peter Marschall based on the
-module's README file written by Simon Levermann <si...@levermann.de>
+module's README file written by
+.MT si...@levermann.de
+Simon Levermann
+.ME .
.LP
.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+is developed and maintained by
+.UR http://www.openldap.org/
+The OpenLDAP Project
+.UE .
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
--
2.25.1
