Use bcrypt password hashing with OpenLDAP (slapd)

I got it to work. It seems the shipped version of libcrypt simply does not support bcrypt.

Following this blog from 2019, I downloaded and built an extension to libcrypt that does include bcrypt (and is backwards compatible).

I'll copy the steps in case the blog disappears:

  • Clone or download the libxcrypt library: https://github.com/besser82/libxcrypt (I got version 4.4.3)
  • Build the source with:
    $ ./bootstrap && ./configure && make
    • You might require the packages autoconf, automake, libtool and pkg-config (see the repo Readme for further instructions)
  • Install the freshly compiled libcrypt:
    $ cp ./.libs/libcrypt.so.1.1.0 /lib/x86_64-linux-gnu
  • Back up the old libcrypt:
    $ cd /lib/x86_64-linux-gnu && cp libcrypt.so.1 libcrypt.so.1.0.0
  • And now replace libcrypt with a link to the new version:
    $ rm libcrypt.so.1 && ln -s libcrypt.so.1.1.0 libcrypt.so.1

Warning: With libcrypt missing or corrupt, your system cannot perform any authentication, including logins and sudo ... commands. So make sure to replace the file in one go and be prepared for a complete lock-out.

With these changes {CRYPT}$2y$... hashes are accepted!
I use the PHP crypt() function to create new password hashes.
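
Given the lock-out warning above, the freshly built library can be checked before the symlink is swapped. The following is an added example, not part of the original answer or the libxcrypt project: it loads the library by path with Python's ctypes and confirms that crypt() returns a real hash for both $2y$ (bcrypt) and $6$ (SHA-512 crypt). The settings, password and function names are constructed for illustration, and it is an assumption that existing system accounts use $6$ hashes.

```python
import ctypes
import sys

# Constructed settings (not secrets): bcrypt at cost 04, and SHA-512 crypt,
# assumed here to be the scheme used by existing /etc/shadow entries.
SETTINGS = {
    "bcrypt ($2y$)": b"$2y$04$abcdefghijklmnopqrstuu",
    "sha512crypt ($6$)": b"$6$constructedsalt$",
}

def hash_ok(result, setting):
    """True if crypt() output is a real hash for the requested scheme.

    An unsupported scheme yields NULL (None) or a failure token that
    starts with '*', such as '*0'.
    """
    if result is None or result.startswith(b"*"):
        return False
    prefix = setting[:setting.index(b"$", 1) + 1]   # b"$2y$" or b"$6$"
    return result.startswith(prefix) and len(result) > len(setting)

def check_library(path, password=b"constructed-test-password"):
    """Load the library at `path` and test each scheme in SETTINGS."""
    try:
        crypt = ctypes.CDLL(path).crypt
    except (OSError, AttributeError) as exc:
        return {"load": False, "error": str(exc)}
    crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    crypt.restype = ctypes.c_char_p   # result is copied into Python bytes
    report = {"load": True}
    for name, setting in SETTINGS.items():
        first = crypt(password, setting)
        # Verification re-runs crypt() with the stored hash as the setting.
        again = crypt(password, first) if hash_ok(first, setting) else None
        report[name] = again is not None and again == first
    return report

if __name__ == "__main__":
    # Default path is the build output named in the steps above.
    target = sys.argv[1] if len(sys.argv) > 1 else "./.libs/libcrypt.so.1.1.0"
    result = check_library(target)
    print(result)
    ok = all(v is True for k, v in result.items() if k != "error")
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the library failed to load or one of the schemes did not produce a verifiable hash, in which case the symlink should not be replaced.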