Provided by: slapd-contrib_2.5.13+dfsg-1ubuntu1_amd64

NAME

       slapd-pw-sha2 - SHA-2 password module to slapd

SYNOPSIS

       ETCDIR/slapd.conf

              moduleload pw-sha2

DESCRIPTION

       The  pw-sha2  module  to  slapd(8)  provides  support  for  the use of SSHA-512, SSHA-384,
       SSHA-256, SHA-512, SHA-384 and  SHA-256  from  the  SHA-2  family  (FIPS  180-2)  of  hash
       functions in hashed passwords in OpenLDAP.

       It does so by providing the following additional password schemes for use in slapd:

              {SSHA256}
                     SHA-256 with salt, giving hash values of 256 bits length

              {SHA256}
                     plain SHA-256 giving hash values of 256 bits length

              {SSHA384}
                     SHA-384 with salt, giving hash values of 384 bits length

              {SHA384}
                     plain SHA-384 giving hash values of 384 bits length

              {SSHA512}
                     SHA-512 with salt, giving hash values of 512 bits length

              {SHA512}
                     plain SHA-512 giving hash values of 512 bits length

CONFIGURATION

       The pw-sha2 module does not need any configuration.

       After loading the module, the password schemes {SSHA256}, {SSHA384}, {SSHA512}, {SHA256},
       {SHA384}, and {SHA512} will be recognised in values of the userPassword attribute.

       You can then instruct OpenLDAP to use these schemes when processing  the  LDAPv3  Password
       Modify (RFC 3062) extended operations by using the password-hash option in slapd.conf(5).

NOTES

       If you want to use the schemes described here with slappasswd(8), don't forget to load the
       module using its command line options.  The relevant option/value is:

              -o module-load=pw-sha2

       Depending on pw-sha2's location, you may also need:

              -o module-path=pathspec

EXAMPLES

       All of the userPassword LDAP attributes below encode the password 'secret'.

       userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==

       userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt

       userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

       To make {SSHA512} the password hash used in Password Modify  extended  operations,  simply
       set this line in slapd.conf(5):

       password-hash   {SSHA512}

SEE ALSO

       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3)

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS

       This  manual  page  has  been written by Peter Marschall based on the module's README file
       written by Jeff Turner.

       OpenLDAP is developed and maintained by The OpenLDAP  Project  (http://www.openldap.org/).
       OpenLDAP is derived from University of Michigan LDAP 3.3 Release.