This is pending for the Debian package and will eventually get merged into Ubuntu. If you use cn=config, note that setting olcPasswordHash to a scheme provided by a module will prevent slapd from starting, since cn=module is processed later; this is unfixed upstream.
Until pw-sha2 lands, you may want to look into {CRYPT}. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1347954 Title: build slapd-sha2 module for strong passwords Status in “openldap” package in Ubuntu: New Status in “openldap” package in Debian: Unknown Bug description: out of the box, the strongest password encryption supported is SSHA (seeded SHA-1) which isn't really very good these days. The best answer appears to be to compile up the contrib/slapd-sha2 module. https://github.com/gcp/openldap/tree/master/contrib/slapd- modules/passwd/sha2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1347954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp