LDAP userPassword only works with plaintext

Tags: authentication, ldap, openldap, password

I have set up an OpenLDAP server on an Ubuntu machine. I am trying to test user authentication, but am running into a problem. If, in LDAP, the userPassword contains a plaintext password, authentication works just fine. However, if I set the value of userPassword to be a hashed password (like SHA-256), the authentication fails. Do I need to tell OpenLDAP that I am using SHA somewhere?

FYI, I am using OpenLDAP and Apache Directory Studio to interact with it. I am testing authentication by trying to bind using a PHP script.

Best Answer

According to the FAQ, OpenLDAP releases prior to 2.4.32 do not support SHA-2 algorithms including SHA256. 2.4.32 and later releases need to be built with contrib/slapo-pw-sha2 to support SHA-2. You can use SHA-1 or Salted SHA-1 out of the box. Please see http://www.openldap.org/faq/index.cgi?file=1467 and http://www.openldap.org/doc/admin24/security.html#Password+Storage for more.
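As an added example (not part of the original question or answer), here is a small Python emulation of how slapd's simple bind compares the typed password against userPassword, plus helpers that produce the out-of-the-box {SHA} and {SSHA} forms the answer points to. The scheme dispatch is a deliberate simplification of slapd: it covers only {SHA}, {SSHA} and the no-prefix cleartext case, which is enough to show why a bare hex SHA-256 digest never matches.

```python
import base64
import hashlib
import hmac
import os

# Emulates slapd's documented handling of userPassword: a value with a
# recognised "{SCHEME}" prefix (RFC 2307 style) is verified with that scheme,
# a value with no prefix is treated as cleartext and compared literally.
# Assumption: only {SHA} and {SSHA} are modelled; real slapd supports more,
# and {SHA256} only via contrib/slapo-pw-sha2 as the answer explains.

def sha_hash(password: str) -> str:
    """{SHA}: base64(sha1(password)). Unsalted, so equal passwords collide."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """{SSHA}: base64(sha1(password + salt) + salt), the layout that
    slappasswd -h {SSHA} emits. A fixed salt is only for reproducible tests;
    the salt length is recovered from the decoded value at verify time."""
    if not salt:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def simulate_bind(stored: str, candidate: str) -> bool:
    """Return True if `candidate` would authenticate against `stored`."""
    pw = candidate.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    # No scheme prefix: slapd treats the attribute as cleartext. A bare hex
    # SHA-256 digest stored here is compared byte-for-byte with the typed
    # password, which is why the questioner's bind fails.
    return hmac.compare_digest(stored.encode("utf-8"), pw)
```

Store the string returned by ssha_hash() in userPassword (via Apache Directory Studio or an LDIF) and the bind succeeds; store a raw digest without a scheme prefix and it cannot.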