Hello everyone, I have been asked on IRC to address this question to the mailing list, so here we go...
First, a brief background: I have an existing user directory, which does not use LDAP and stores its passwords as bcrypt hashes. I'd like to migrate this directory to LDAP using ApacheDS as backend without having all users to reset their passwords. So considering that ApacheDS currently does not support BCrypt, I thought about adding such support and contributing it throgh a pull request. Upfront, there are a couple of questions, though, which I'd like to clarify to improve the chances for the PR to be accepted. ;-) 1. There is an existing BCrypt implementation for Java, jBCrypt [1, 2] licensed under the ISC license, which is compatible with the Apache License 2.0 according to [3]. Do you consider it acceptable to introduce a new dependency to support a new encryption algorithm? AFAICS the dependency would need to be added to org.apache.directory.api:api-ldap-model. 2. Would you prefer an implementation as crypt variant (sub-prefix $2a$) or a separate algorithm? Thanks & kind regards, Thilo [1] http://www.mindrot.org/projects/jBCrypt/ [2] https://github.com/jeremyh/jBCrypt [3] https://www.apache.org/legal/resolved
