The ARGON2 password scheme is working successfully, but whenever I start/restart slapd it fails to recognize ARGON2 scheme.
Output of journalctl -xeu slapd.service:
Jun 23 17:21:53 mail slapd[3932159]: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({ARGON2})
Jun 23 17:21:53 mail slapd[3932159]: olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
Jun 23 17:21:53 mail slapd[3932159]: config error processing cn=config: <olcPasswordHash> no valid hashes found
Jun 23 17:21:53 mail slapd[3932159]: DIGEST-MD5 common mech free
Jun 23 17:21:53 mail slapd[3932159]: DIGEST-MD5 common mech free
Jun 23 17:21:53 mail slapd[3932159]: slapd stopped.
Jun 23 17:21:53 mail slapd[3932159]: connections_destroy: nothing to destroy.
Jun 23 17:21:53 mail slapd[3932153]: ...fail!
Jun 23 17:21:53 mail systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
If I change the password scheme to SSHA, then I can start the slapd server. Then while slapd is running I can switch from SSHA to ARGON2, and it works fine - ARGON2 password hashes are being created.
Why does slapd say ARGON2 scheme not available?
The error message "ARGON2 scheme not available" indicates that the ARGON2 password hash is not enabled in your OpenLDAP configuration. To enable ARGON2, you need to ensure that:
The following is for OpenLDAP >= v2.4.
1 - Verify hash module is loaded
Search for your config module:
If there is no module, add the module:
where modules.ldif is:
Note: for the openldap/bitnami image, the olcModule config is:
2 - Verify hash method is allowed
Search for your config:
If there is no olcPasswordHash directive, update the config:
where olcPasswordHash.ldif is:
I hope this helps! Let me know if you have any other questions.
Best regards,
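
An added example, not part of the original answer: it runs the two checks from the answer against a dump of the config database, reading LDIF on stdin (for instance the output of `slapcat -n 0`) and reporting whether an Argon2 module is loaded and which entry sets olcPasswordHash to {ARGON2}. The module names `argon2` and `pw-argon2`, the function names and the sample LDIF are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a cn=config LDIF dump for the two conditions in the answer.
sample_config() {   # constructed sample input, not taken from the page
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcPasswordHash: {ARGON2}

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}/usr/lib/ldap/pw-arg
 on2.so
EOF
}

# Reads LDIF on stdin; prints OK, MISSING_MODULE, MODULE_ONLY or NOT_CONFIGURED.
check_argon2_config() {
  awk '
    # Unfold LDIF: a line starting with one space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { if (NR > 1) handle(buf); buf = $0 }
    END { handle(buf); report() }
    function handle(line,   v) {
      if (line ~ /^dn: /) { dn = substr(line, 5); return }
      if (tolower(line) ~ /^olcmoduleload: /) {
        v = tolower(substr(line, 16))
        sub(/^[{][0-9]+[}]/, "", v)   # ordering prefix such as {0}
        sub(/^.*\//, "", v)           # directory part of a full path
        sub(/[.](so|la)$/, "", v)     # file extension
        if (v == "argon2" || v == "pw-argon2") module = 1   # assumed module names
      }
      if (tolower(line) ~ /^olcpasswordhash: / && toupper(line) ~ /[{]ARGON2[}]/) {
        hash = 1; hash_dn = dn        # remember which entry carries the directive
      }
    }
    function report() {
      if (hash && module) print "OK hash=" hash_dn
      else if (hash)      print "MISSING_MODULE hash=" hash_dn
      else if (module)    print "MODULE_ONLY"
      else                print "NOT_CONFIGURED"
    }
  '
}

sample_config | check_argon2_config
```

MISSING_MODULE means olcPasswordHash names {ARGON2} while no olcModuleLoad value in the dump matches either assumed module name.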