--On Saturday, March 11, 2023 7:51 PM +0100 Stefan Kania
<ste...@kania-online.de> wrote:
For a rootdn
-------------------
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW:
{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$ZGJmZ2lrbmpiZHZzZ3NhdmRzZw$J6eXYSxY4
tDs4l8SdBkIwcAU0OqEEdR0gpFNJ5MSqQs
-------------------
This makes sense, since you can't use the ldapv3 password modify operation
to update this password value.
and a posix or simpleSecurityObject:
-------------------
dn: uid=repl-user,ou=users,dc=example,dc=net
changetype: modify
replace: userPassword
userPassword:
{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNsYXQ5ODc2NTQzMg$Td51W49s0X74o
m++/EnMRsP4La3x46KufcGGY01T8+M
-------------------
This doesn't make sense. You should be using an ldapv3 password modify
operation on the user account in question and letting the server do the
hashing (and also allows password policies, if deployed, to be used).
--Quanah