[QUESTION] How to enable Hash Passwords in OpenLDAP #689

@Ecenur2

Hi all,

Can you help me? I need to enable password hashing at the OpenLDAP level.
I need a situation where clients send the password in PLAIN_TEXT and OpenLDAP stores it as {SSHA}.
I read issue #208 and I tried to do the same things with Docker.

I would like to enable this:
http://xacmlinfo.org/2015/06/25/enable-hash-passwords-in-openldap/

But I do not know how to do this during container configuration.

This is my docker-compose.yml:
```yaml
networks:
  my_network:
    driver: bridge

services:
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    environment:
      LDAP_BASE_DN: "dc=example,dc=com"
      LDAP_ORGANISATION: "Example Organization"
      LDAP_DOMAIN: "example.com"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_TLS: "false"
      LDAP_PASSWORD_HASH: "SSHA"
    volumes:
      - ./ldap/init.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-init.ldif
      - ./ldap/ppolicy.ldif:/etc/ldap/ppolicy.ldif
      - ./ldap/ppolicy_overlay.ldif:/etc/ldap/ppolicy_overlay.ldif
      - openldap-data:/var/lib/ldap
      - openldap-config:/etc/ldap/slapd.d
    networks:
      - my_network
    ports:
      - "389:389"
    command: --copy-service
    restart: unless-stopped
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      PHPLDAPADMIN_HTTPS: "false" # deactivate HTTPS
    networks:
      - my_network
    ports:
      - "8081:80"
    restart: unless-stopped
    depends_on:
      - openldap

volumes:
  openldap-data:
    driver: local
  openldap-config:
    driver: local
```

And this is my Dockerfile:
```dockerfile
# Dockerfile
FROM osixia/openldap:latest

COPY ./ldap/ppolicy.ldif /etc/ldap/ppolicy.ldif
COPY ./ldap/ppolicy_overlay.ldif /etc/ldap/ppolicy_overlay.ldif
COPY ./ldap/init.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/50-init.ldif

CMD ["sh", "-c", "sleep 5 && ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ppolicy.ldif && ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ppolicy_overlay.ldif && ldapadd -Y EXTERNAL -H ldapi:/// -f /container/service/slapd/assets/config/bootstrap/ldif/custom/50-init.ldif && /container/tool/run.sh"]
```

And my LDIF files:
ppolicy_overlay.ldif

```ldif
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyHashCleartext: TRUE
```

ppolicy.ldif

```ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy
```

When I open my pgadmin I can't see SSHA; it looks like this:

Image

How can I fix this? Please help!!
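
One way to check which scheme the directory actually stored, as an added example that is not part of the original post or the osixia/openldap project: it reads an LDIF export (assumed unfolded, for instance from `ldapsearch -o ldif-wrap=no`), reports the `userPassword` scheme of each entry, and verifies a `{SSHA}` value, which is base64(SHA1(password + salt) + salt). The function names and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes

def scheme_of(value: bytes) -> str:
    """Return the scheme prefix of a userPassword value, or CLEARTEXT."""
    if value.startswith(b"{") and b"}" in value:
        return value[1:value.index(b"}")].decode("ascii", "replace").upper()
    return "CLEARTEXT"

def make_ssha(password: str, salt: bytes) -> bytes:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(value: bytes, password: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value."""
    if scheme_of(value) != "SSHA":
        return False
    try:
        raw = base64.b64decode(value[len(b"{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) <= SHA1_LEN:  # digest without a salt is not SSHA
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def audit_ldif(ldif: str) -> dict:
    """Map each entry DN to its userPassword scheme (assumes unfolded LDIF)."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):  # base64-encoded value
            result[dn] = scheme_of(base64.b64decode(line[15:]))
        elif line.startswith("userPassword: "):  # plain value
            result[dn] = scheme_of(line[14:].encode())
    return result

# Constructed sample export: alice stored in clear text, bob as {SSHA}.
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\nuserPassword: alice-secret\n\n"
    "dn: uid=bob,dc=example,dc=com\nuserPassword:: "
    + base64.b64encode(make_ssha("bob-secret", b"\x01\x02\x03\x04")).decode()
)

print(audit_ldif(SAMPLE_LDIF))
```

Any entry reported as `CLEARTEXT` was written to the database without being hashed on the server side.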
