--O
dn: olcDatabase={-1}frontend,cn=config
add: olcPasswordHash
olcPasswordHash: {SSHA}

Although I applied both of these configs, I don't think the latter solves
my initial problem; I guess the first one was sufficient. That second one
(olcPasswordHash: {SSHA}) is only necessary to force the SSHA hash when users
change their password?

{SSHA} is the default, and is not {SSHA512}.

If you want it to force SSHA512 for any new password changes done via an LDAP v3 password modify operation, you must set it to {SSHA512} instead of {SSHA}.

I would note that starting with OpenLDAP 2.4.50, ARGON2 password hashes are supported via the argon2 password module, and they are considered more secure than SSHA512.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
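
Added example, not part of the thread and not OpenLDAP code: because olcPasswordHash only governs new password changes, existing userPassword values keep their old scheme, and this Python audit lists the entries that are still not {SSHA512}. It assumes the salted layout scheme + base64(digest + salt) used by {SSHA} and by the pw-sha2 module's {SSHA512}; the DNs, passwords and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Salted schemes from the thread: name -> (hashlib algorithm, digest length).
SCHEMES = {"{SSHA}": ("sha1", 20), "{SSHA512}": ("sha512", 64)}


def make_hash(password, scheme, salt=None):
    """Build a userPassword value: scheme + base64(digest(password+salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(SCHEMES[scheme][0], password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def split_value(value):
    """Return (scheme, digest, salt); digest and salt are None if unsupported."""
    end = value.find("}")
    scheme = value[:end + 1].upper() if value.startswith("{") and end > 0 else None
    if scheme not in SCHEMES:
        return scheme, None, None
    raw = base64.b64decode(value[end + 1:], validate=True)
    dlen = SCHEMES[scheme][1]
    if len(raw) <= dlen:
        raise ValueError("value too short to contain a salt")
    return scheme, raw[:dlen], raw[dlen:]


def verify(password, value):
    """Constant-time check of a cleartext password against a stored value."""
    scheme, digest, salt = split_value(value)
    if digest is None:
        return False
    candidate = hashlib.new(SCHEMES[scheme][0], password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit(entries, wanted="{SSHA512}"):
    """Return the DNs whose stored hash is not in the wanted scheme."""
    return sorted(dn for dn, value in entries.items()
                  if split_value(value)[0] != wanted)


# Constructed sample directory: one old {SSHA} value, one {SSHA512} value.
ENTRIES = {
    "uid=alice,ou=people,dc=example,dc=com": make_hash(b"old-pass", "{SSHA}"),
    "uid=bob,ou=people,dc=example,dc=com": make_hash(b"new-pass", "{SSHA512}"),
}

if __name__ == "__main__":
    print("still needing a password change:", audit(ENTRIES))
```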
