Hi, Thanks for your advice. I've just opened ITS. http://www.openldap.org/its/index.cgi?findid=7742
Thank you. At Fri, 08 Nov 2013 09:04:12 +0100, Michael Ströder wrote: > > Thanks for working on that! > > I'd really appreciate to see this in contrib/ directory. > > You probably should open an ITS following the hints here: > > http://www.openldap.org/devel/contributing.html > > Ciao, Michael. > > Tsukasa HAMANO wrote: > > Hi, > > > > I was concerned that OpenLDAP have no modern key derivation function. > > (It seems eglibc's crypt(3) has bcrypt, but it's depends environment) > > So I just implemented PBKDF2 module for OpenLDAP. > > > > https://github.com/hamano/openldap-pbkdf2 > > > > # Installation > > > > $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/ > > $ git clone https://github.com/hamano/openldap-pbkdf2.git > > $ cd openldap-pbkdf2/ > > $ make > > # make install > > > > in slapd.conf: > > moduleload pw-pbkdf2.so > > password-hash {PBKDF2} > > > > # Usage > > > > $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret > > {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw > > > > This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1 > > http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html > > > > And also, I have roadmap to implement {PBKDF2-SHA256} and > > {PBKDF2-SHA512} schemes in the future. > > > > Could you merge the module into contrib/ directory? > > > > Thank you. > -- Open Source Solution Technology Corporation HAMANO Tsukasa <[email protected]> fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
