Hi, I was concerned that OpenLDAP has no modern key derivation function. (It seems eglibc's crypt(3) has bcrypt, but it depends on the environment.) So I just implemented a PBKDF2 module for OpenLDAP.
https://github.com/hamano/openldap-pbkdf2

# Installation

$ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
$ git clone https://github.com/hamano/openldap-pbkdf2.git
$ cd openldap-pbkdf2/
$ make
# make install

in slapd.conf:

moduleload pw-pbkdf2.so
password-hash {PBKDF2}

# Usage

$ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw

This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1
http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html

And also, I have a roadmap to implement {PBKDF2-SHA256} and {PBKDF2-SHA512} schemes in the future.
Could you merge the module into the contrib/ directory?

Thank you.

-- 
Open Source Solution Technology Corporation
HAMANO Tsukasa <[email protected]>
fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
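
The {PBKDF2} value layout shown in the message above (rounds$salt$checksum, as in passlib's ldap_pbkdf2_sha1), parsed and verified in an added Python example that is not part of the original post or the module's code. The function names are hypothetical; the 16-byte salt and 20-byte SHA-1 output are assumptions taken from the sample value and passlib's documented format.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{PBKDF2}"  # SHA-1 variant, per passlib's ldap_pbkdf2_sha1

def ab64_decode(text):
    """Decode passlib's adapted base64: '.' replaces '+', padding omitted."""
    text = text.replace(".", "+")
    # validate=True rejects characters outside the alphabet instead of skipping them
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)

def ab64_encode(raw):
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def parse(stored):
    """Split '{PBKDF2}rounds$salt$checksum' into (rounds, salt, checksum)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not a {PBKDF2} value")
    fields = stored[len(SCHEME):].split("$")
    if len(fields) != 3 or not fields[0].isdigit() or int(fields[0]) < 1:
        raise ValueError("malformed {PBKDF2} value")
    salt, checksum = ab64_decode(fields[1]), ab64_decode(fields[2])
    if not salt or not checksum:
        raise ValueError("empty salt or checksum")
    return int(fields[0]), salt, checksum

def make_hash(password, rounds=60000, salt=None):
    """Build a value in the same layout (assumed: 16-byte salt, 20-byte output)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds, 20)
    return f"{SCHEME}{rounds}${ab64_encode(salt)}${ab64_encode(dk)}"

def verify(password, stored):
    rounds, salt, expected = parse(stored)
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                             rounds, len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time comparison

if __name__ == "__main__":
    # Sample value quoted from the message above
    sample = "{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw"
    rounds, salt, checksum = parse(sample)
    print(rounds, len(salt), len(checksum))
    constructed = make_hash("correct horse", rounds=1000)  # constructed input
    print(verify("correct horse", constructed), verify("wrong", constructed))
```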
