=======================

pw-pbkdf2.c provides support for PBKDF2 key derivation functions in

* OpenSSL 1.0.0 or later

    $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
    $ git clone https://github.com/hamano/openldap-pbkdf2.git

    moduleload pw-pbkdf2.so

You can also tell OpenLDAP to use the schemes when processing LDAP
Password Modify Extended Operations, thanks to the password-hash
option in slapd.conf. For example:

    password-hash {PBKDF2}

You can generate a hash with slappasswd.

    $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
    {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw

A quick way to test whether it's working is to customize the rootdn and
rootpw in slapd.conf, e.g.:

    rootdn "cn=Manager,dc=example,dc=com"
    rootpw {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw

Then to test, run something like:

    $ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret

You can specify the -DSLAPD_PBKDF2_DEBUG flag for debugging.

    {PBKDF2}<Iteration>$<Adapted Base64 Salt>$<Adapted Base64 DK>
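
An added example, not part of the module's code: a Python sketch that parses, generates and checks values in the format above. It assumes the {PBKDF2} scheme uses HMAC-SHA1 (consistent with the 20-byte derived key in the sample hash) and Passlib's Adapted Base64 rules ('.' in place of '+', no padding); all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{PBKDF2}"
PRF = "sha1"  # assumption: {PBKDF2} means PBKDF2 with HMAC-SHA1

def ab64_encode(raw: bytes) -> str:
    """Adapted Base64: standard alphabet with '.' for '+', '=' padding stripped."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text: str) -> bytes:
    # Restore '+' and the padding before strict decoding.
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)

def parse(stored: str):
    """Split a stored value into (iterations, salt, derived key)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not a {PBKDF2} value")
    fields = stored[len(SCHEME):].split("$")
    if len(fields) != 3 or not fields[0].isdigit():
        raise ValueError("expected <Iteration>$<Salt>$<DK>")
    iterations = int(fields[0])
    salt, dk = ab64_decode(fields[1]), ab64_decode(fields[2])
    if iterations < 1 or not salt or not dk:
        raise ValueError("empty or zero field")
    return iterations, salt, dk

def make_hash(password: str, iterations: int = 60000, salt=None) -> str:
    """Build a value in the documented format; a random 16-byte salt by default."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(PRF, password.encode(), salt, iterations, 20)
    return f"{SCHEME}{iterations}${ab64_encode(salt)}${ab64_encode(dk)}"

def verify(password: str, stored: str) -> bool:
    """Recompute the key with the stored parameters; compare in constant time."""
    try:
        iterations, salt, expected = parse(stored)
    except ValueError:
        return False  # malformed or foreign-scheme values never match
    dk = hashlib.pbkdf2_hmac(PRF, password.encode(), salt, iterations, len(expected))
    return hmac.compare_digest(dk, expected)
```

Because the iteration count and salt travel inside the stored value, the count used for new hashes can be raised later without invalidating existing entries.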

* [RFC 2898 Password-Based Cryptography][^1]
[^1]: http://tools.ietf.org/html/rfc2898

* [PKCS #5 PBKDF2 Test Vectors][^2]
[^2]: http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06

* [RFC 2307 Using LDAP as a Network Information Service][^3]
[^3]: http://tools.ietf.org/html/rfc2307

* [Python Passlib][^4]
[^4]: http://pythonhosted.org/passlib/

* [Adapted Base64 Encoding][^5]
[^5]: http://pythonhosted.org/passlib/lib/passlib.utils.html#passlib.utils.ab64_encode

This work is part of OpenLDAP Software <http://www.openldap.org/>.

Copyright 2009-2013 The OpenLDAP Foundation.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP

A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.

This work was initially developed by HAMANO Tsukasa <hamano@osstech.co.jp>