Add module pw-sha2 #984

Closed
Chartman123 opened this issue May 12, 2022 · 13 comments

@Chartman123

Name and Version

bitnami/bitnami-docker-openldap:2.6.2

What is the problem this feature will solve?

SHA256, SHA512 password hashes can't be used

We want to migrate our openldap database to the bitnami image but can't do the migration because of the missing module.

What is the feature you are proposing to solve the problem?

Include the pw-sha2 module from openldap

What alternatives have you considered?

Not using the Bitnami openldap container

@rafariossaa
Contributor

Hi,
Thanks for your suggestion. Could you point me to documentation on how to enable and configure that module? I would like to take a look and evaluate how we can integrate that.

@Chartman123
Author

Chartman123 commented May 13, 2022

The module can be found in this path: contrib/slapd-modules/passwd/sha2/ in the official tgz. There you can find a README with build/usage instructions.

@Chartman123
Author

This might be related to bitnami/bitnami-docker-openldap#79

@rafariossaa
Contributor

Hi,
Thanks for the info.
I am opening an internal task to implement this; however, I cannot provide an ETA for this.
We will come back as soon as we have news.

@rafariossaa rafariossaa added the on-hold Issues or Pull Requests with this label will never be considered stale label May 16, 2022
@carrodher
Member

We are going to transfer this issue to bitnami/containers

In order to unify the approaches followed in Bitnami containers and Bitnami charts, we are moving some issues in bitnami/bitnami-docker-<container> repositories to bitnami/containers.

Please follow bitnami/containers to keep you updated about the latest bitnami images.

More information here: https://blog.bitnami.com/2022/07/new-source-of-truth-bitnami-containers.html

@carrodher carrodher transferred this issue from another repository Jul 28, 2022
@bitnami-bot bitnami-bot added the triage Triage is needed label Jul 28, 2022
@carrodher carrodher assigned CeliaGMqrz and unassigned fmulero Jul 28, 2022
@bitnami-bot bitnami-bot removed the triage Triage is needed label Jul 28, 2022
@CeliaGMqrz
Contributor

Hi @Chartman123

The pw-sha2 module has been added to be able to use SHA256, SHA512 password hashes.

The last image of the container already includes the module.

You can run this to check that the module works:

$ slappasswd -o module-load=/opt/bitnami/openldap/libexec/openldap/pw-sha2.so -h '{SHA256}' -s 'you-secret-here'

Thanks for your feedback.

@bitnami-bot bitnami-bot added solved and removed on-hold Issues or Pull Requests with this label will never be considered stale labels Aug 1, 2022
@eefahd

eefahd commented May 7, 2023

> Hi @Chartman123
>
> The pw-sha2 module has been added to be able to use SHA256, SHA512 password hashes.
>
> The last image of the container already includes the module.
>
> You can run this to check that the module works:
>
> $ slappasswd -o module-load=/opt/bitnami/openldap/libexec/openldap/pw-sha2.so -h '{SHA256}' -s 'you-secret-here'
>
> Thanks for your feedback.

Hi @CeliaGMqrz, thanks for including this module. However, I was wondering if it's auto-loaded when the container starts, because I'm not able to authenticate a user with a sha512 password by running:
ldapwhoami -vvv -H ldap://localhost:1389 -D "uid=testuser,ou=outest,dc=localhost,dc=com" -x -w testpwd.

I've tried to add an LDIF file to load the module as described in:
#982 (comment)
without any success.

I also tried to add an LDIF file with the following content:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2

but it shows an error while trying to apply it manually by ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f sha2.ldif saying:

modifying entry "cn=module{0},cn=config"
ldap_modify: No such object (32)
	matched DN: cn=config

Any idea?
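
When a bind with a SHA-2 hashed password fails, checking the stored value offline helps tell a malformed hash apart from a server that has not loaded pw-sha2. The following is an added example, not code from this thread, Bitnami or OpenLDAP: it assumes the usual layout of these values, base64(digest) for `{SHA*}` and base64(digest || salt) with digest = H(password || salt) for `{SSHA*}`; the function names and the 8-byte salt are choices made here.

```python
import base64
import hashlib
import hmac
import os

# Schemes provided by the contrib pw-sha2 module: name -> (hash, salted?)
SCHEMES = {
    "SHA256": (hashlib.sha256, False), "SSHA256": (hashlib.sha256, True),
    "SHA384": (hashlib.sha384, False), "SSHA384": (hashlib.sha384, True),
    "SHA512": (hashlib.sha512, False), "SSHA512": (hashlib.sha512, True),
}

def parse(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt); ValueError if malformed."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix (cleartext or unknown format)")
    name, b64 = value[1:].split("}", 1)
    name = name.upper()  # scheme name compared case-insensitively here
    if name not in SCHEMES:
        raise ValueError(f"{name} is not a pw-sha2 scheme")
    algo, salted = SCHEMES[name]
    raw = base64.b64decode(b64, validate=True)
    size = algo().digest_size
    # Unsalted: exactly one digest. Salted: digest followed by at least one salt byte.
    if (salted and len(raw) <= size) or (not salted and len(raw) != size):
        raise ValueError(f"{name}: unexpected payload length {len(raw)}")
    return name, raw[:size], raw[size:]

def make(scheme, password, salt=None):
    """Build a userPassword value; a random 8-byte salt is used for salted schemes."""
    algo, salted = SCHEMES[scheme]
    salt = (salt if salt is not None else os.urandom(8)) if salted else b""
    digest = algo(password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(value, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    name, digest, salt = parse(value)
    algo, _ = SCHEMES[name]
    return hmac.compare_digest(algo(password.encode() + salt).digest(), digest)

if __name__ == "__main__":
    stored = make("SSHA512", "testpwd")  # constructed sample, not a value from the thread
    print(stored, verify(stored, "testpwd"), verify(stored, "wrong"))
```

If `verify` accepts the stored value but the bind still fails, the hash itself is well-formed and the server-side module loading is the next thing to check.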

@github-actions github-actions bot added triage Triage is needed and removed solved labels May 7, 2023
@github-actions github-actions bot added in-progress and removed triage Triage is needed labels May 8, 2023
@github-actions github-actions bot added triage Triage is needed in-progress and removed in-progress triage Triage is needed labels May 11, 2023
@bitnami-bot bitnami-bot assigned jotamartos and unassigned CeliaGMqrz May 11, 2023
@carrodher carrodher assigned CeliaGMqrz and unassigned jotamartos May 11, 2023
@CeliaGMqrz
Contributor

Hi @eefahd,

olcModuleLoad: pw-sha2 is not required to be added in the file. The module is already included in the container. If you try this:

$ slappasswd -o module-load=/opt/bitnami/openldap/libexec/openldap/pw-sha2.so -h '{SHA256}' -s 'you-secret-here'
{SHA256}g3ANmBDkHsDYbmGhdj86p3JOlTfyEv2SIXSQnMPtiM0=

You can see the module pw-sha2.so is included.

@eefahd

eefahd commented May 23, 2023

> Hi @eefahd,
>
> olcModuleLoad: pw-sha2 is not required to be added in the file. The module is already included in the container. If you try this:
>
> $ slappasswd -o module-load=/opt/bitnami/openldap/libexec/openldap/pw-sha2.so -h '{SHA256}' -s 'you-secret-here'
> {SHA256}g3ANmBDkHsDYbmGhdj86p3JOlTfyEv2SIXSQnMPtiM0=
>
> You can see the module pw-sha2.so is included.

Thanks @CeliaGMqrz, yes, I found it in modules, but unfortunately could not get it working. I tried to change the hash method in config, and also tried to authenticate users, without success. The code you shared is working, but it's only for password generation and it takes the module path explicitly, which could be the reason why it's working. I'll try to do more experiments to see if I can get it working.

@CeliaGMqrz
Contributor

Hi @eefahd,

Thanks for your feedback.

Sorry, I can't reproduce the error. I may be missing data from your configuration. Could you provide the docker-compose file with the variables you are using? You may be overwriting the module. Is this behavior only happening to you with the new user's password encrypted?

@github-actions

github-actions bot commented Jun 9, 2023

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Jun 9, 2023
@github-actions

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@bitnami-bot bitnami-bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 15, 2023
@clayrisser

I have an image that has the password hashing modules baked in. It supports the following password hashing and is really easy to configure with environment variables.

https://github.com/clayrisser/docker-openldap#1-password-hashing

@github-actions github-actions bot added triage Triage is needed and removed solved labels Aug 6, 2023
@github-actions github-actions bot added the solved label Aug 6, 2023