1 .TH SLAPD-PW-SHA2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2 .\" Copyright 2015-2017 The OpenLDAP Foundation All Rights Reserved.
3 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 slapd-pw-sha2 \- SHA-2 password module to slapd
20 provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512,
21 SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions
22 in hashed passwords in OpenLDAP.
24 It does so by providing the following additional password schemes for use in slapd:
28 SHA-256 with salt, giving hash values of 256 bits length
31 plain SHA-256 giving hash values of 256 bits length
34 SHA-384 with salt, giving hash values of 384 bits length
37 plain SHA-384 giving hash values of 384 bits length
40 SHA-512 with salt, giving hash values of 512 bits length
43 plain SHA-512 giving hash values of 512 bits length
49 module does not need any configuration.
51 After loading the module, the password schemes
52 {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384}, and {SHA512}
53 will be recognised in values of the
57 You can then instruct OpenLDAP to use these schemes when processing
58 the LDAPv3 Password Modify (RFC 3062) extended operations by using the
64 If you want to use the schemes described here with
66 don't forget to load the module using its command line options.
67 The relevant option/value is:
71 .BR module\-load = pw-sha2
76 location, you may also need:
80 .BR module\-path = \fIpathspec\fP
84 All of the userPassword LDAP attributes below encode the password
88 userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
90 userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
92 userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
95 To make {SSHA512} the password hash used in Password Modify extended operations,
96 simply set this line in slapd.conf(5):
99 password-hash {SSHA512}
108 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
112 This manual page has been written by Peter Marschall based on the
113 module's README file written by Jeff Turner.
116 is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
118 is derived from University of Michigan LDAP 3.3 Release.