 |
Thank you for the report. Unfortunately we avoid making changes like this to the packages that Red Hat releases to maintain compatibility with their product and packages. CentOS 7 was the same way. In your example, you can see pw-sha2 being patched in (and a reference to a private bug in the change log), so this was done by Red Hat (not by CentOS). In 8, this isn't the case. It also seems the Fedora OpenLDAP package doesn't have it patched in either. It's likely this is because Red Hat does not directly support nor maintain the openldap-servers package. You may or may not get a response from red hat if you file a bug at bugzilla.redhat.com. |
|
|
Closing ticket due to 8.9's pending release. As stated in a previous comment, we cannot make changes to the build else we would begin to deviate from upstream. However, you have a few workarounds: 1) Migrate to openldap builds from ltb (https://ltb-project.org/) 2) Custom build the openldap package with the necessary changes you need 3) Use the CRYPT function For number 3, it should be possible to use CRYPT to force openldap to use glibc's crypt capabilities as a passthrough. Essentially, you would need modify cn=config to have these attributes: olcPasswordHash: {CRYPT} olcPasswordCryptSaltFormat: $6$%.16s Passwords then get stored as {CRYPT}$6$...$... which will look close to what you would see in /etc/shadow on a local system. |
- Anonymous
