Provided by: slapd-contrib_2.6.9+dfsg-2ubuntu1_amd64

NAME

       slapd-pw-sha2 - SHA-2 password module to slapd

SYNOPSIS

       ETCDIR/slapd.conf

              moduleload pw-sha2

DESCRIPTION

       The  pw-sha2  module  to  slapd(8) provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512,
       SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions in hashed passwords in OpenLDAP.

       It does so by providing the following additional password schemes for use in slapd:

              {SSHA256}
                     SHA-256 with salt, giving hash values of 256 bits length

              {SHA256}
                     plain SHA-256 giving hash values of 256 bits length

              {SSHA384}
                     SHA-384 with salt, giving hash values of 384 bits length

              {SHA384}
                     plain SHA-384 giving hash values of 384 bits length

              {SSHA512}
                     SHA-512 with salt, giving hash values of 512 bits length

              {SHA512}
                     plain SHA-512 giving hash values of 512 bits length

CONFIGURATION

       The pw-sha2 module does not need any configuration.

       After loading the module, the password schemes {SSHA256}, {SSHA384}, {SSHA512}, {SHA256}, {SHA384},  and
       {SHA512} will be recognised in values of the userPassword attribute.

       You can then instruct OpenLDAP to use these schemes when processing the LDAPv3 Password Modify (RFC 3062)
       extended operations by using the password-hash option in slapd.conf(5).

NOTES

       If  you  want to use the schemes described here with slappasswd(8), don't forget to load the module using
       its command line options.  The relevant option/value is:

              -o module-load=pw-sha2

       Depending on pw-sha2's location, you may also need:

              -o module-path=pathspec

EXAMPLES

       All of the userPassword LDAP attributes below encode the password 'secret'.

       userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==

       userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt

       userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

       To make {SSHA512} the password hash used in Password Modify extended operations, simply set this line  in
       slapd.conf(5):

       password-hash   {SSHA512}
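
       The following Python code is an added example, not part of the original manual page or of the pw-sha2
       source: it parses a userPassword value, recomputes the hash and checks it against the three values
       listed above. It assumes the usual OpenLDAP layout for salted schemes, base64(digest || salt) with
       digest = H(password || salt), and an 8-byte salt when generating; make_hash and verify are hypothetical
       helper names.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> (hashlib algorithm, digest size in bytes, salted?)
SCHEMES = {
    "SHA256": ("sha256", 32, False), "SSHA256": ("sha256", 32, True),
    "SHA384": ("sha384", 48, False), "SSHA384": ("sha384", 48, True),
    "SHA512": ("sha512", 64, False), "SSHA512": ("sha512", 64, True),
}

# The three values from the EXAMPLES section; all encode the password 'secret'.
PAGE_EXAMPLES = [
    "{SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==",
    "{SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt",
    "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=",
]

def make_hash(scheme, password, salt=None):
    """Build a userPassword value; salted schemes append the salt to the digest."""
    algo, _, salted = SCHEMES[scheme]
    if salted:
        salt = os.urandom(8) if salt is None else salt  # 8-byte salt is an assumption
    else:
        salt = b""  # unsalted schemes ignore any salt argument
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(value, password):
    """Return True if password matches a {SHA*}/{SSHA*} userPassword value."""
    if not value.startswith("{") or "}" not in value:
        return False
    scheme, _, b64 = value[1:].partition("}")
    entry = SCHEMES.get(scheme.upper())
    if entry is None:
        return False  # not one of the six pw-sha2 schemes
    algo, size, salted = entry
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    digest, salt = raw[:size], raw[size:]
    # This example is strict: salted values must carry a salt, unsalted must not.
    if len(digest) != size or bool(salt) != salted:
        return False
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison
```

       Two {SSHA512} values generated for the same password differ because each carries its own random salt,
       whereas the unsalted schemes always produce the same value for the same password.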

SEE ALSO

       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS

       This  manual  page  has been written by Peter Marschall based on the module's README file written by Jeff
       Turner.

       OpenLDAP is developed and maintained by The OpenLDAP  Project  (http://www.openldap.org/).   OpenLDAP  is
       derived from University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION                                 RELEASEDATE                                  SLAPD-PW-SHA2(5)