Hi Ralf,
On Tue, Jul 2, 2024 at 2:29 PM Ralf Spenneberg <rspenneberg@gmail.com> wrote:
Hi there,SSHA is still supported in the latest 389-DS:
I am trying to update a ldap tree from 389ds 1.3.11 (centos7) to 2.4.5 (almalinux9). After migrating the tree all passwords stop working including the Directory Manager. The old tree used SSHA. Setting the rootpwstoragescheme does not help for the Directory Manager. Only manually resetting the passwords using pwdhash in the dse.ldif file and using a PBKDF2-SHA512 password works. Is there a way to enable the old SSHA scheme?
# dsconf localhost pwpolicy list-schemes | grep SSHA
SSHA
SSHA256
SSHA384
SSHA512
How did you perform the migration? Via replication or export/import?
What is the value of nsslapd-allow-hashed-passwords in cn=config?
I suspect that your passwords after the migration might be doubly hashed instead of imported as is.
Kind regards,
Ralf
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Viktor
No comments:
Post a Comment