Hi Ralf,
On Tue, Jul 2, 2024 at 2:29 PM Ralf Spenneberg <rspenneberg@xxxxxxxxx> wrote:
Hi there,SSHA is still supported in the latest 389-DS:
I am trying to update a ldap tree from 389ds 1.3.11 (centos7) to 2.4.5 (almalinux9). After migrating the tree all passwords stop working including the Directory Manager. The old tree used SSHA. Setting the rootpwstoragescheme does not help for the Directory Manager. Only manually resetting the passwords using pwdhash in the dse.ldif file and using a PBKDF2-SHA512 password works. Is there a way to enable the old SSHA scheme?
# dsconf localhost pwpolicy list-schemes | grep SSHA
SSHA
SSHA256
SSHA384
SSHA512
How did you perform the migration? Via replication or export/import?
What is the value of nsslapd-allow-hashed-passwords in cn=config?
I suspect that your passwords after the migration might be doubly hashed instead of imported as is.
Kind regards,
Ralf
--
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Viktor
-- _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
