Whilst doing some experimentation with OpenLDAP I found that if I hashed my passwords using SSHA-512 in Apache Directory Studio I would not be able to authenticate.

After some work I discovered that to support those hashes I needed to load the pw-sha2.so module.

We’re using the osixia Docker container for our LDAP. It’s a very simple container with some nice features, like daily backups, and it is built around olc (OnLine Configuration).

Looking inside the container, I found that the module I want is included at /usr/lib/ldap/pw-sha2.so, along with all the other required parts. This means I just need to add it to the olc config to load the module. To do this, I entered the container and created an LDIF file with the following content:

docker-compose exec openldap bash

pw-sha2.ldif

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2.la

Then imported it using:

ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f pw-sha2.ldif

That’s all it takes. Now I can use the SSHA-256 and SSHA-512 hashes.
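
To check a hash produced by Apache Directory Studio (or to generate one) outside the directory, the sketch below builds and verifies userPassword values in the salted SHA-2 layout that pw-sha2 checks: the scheme prefix followed by base64 of the digest of password plus salt, with the salt appended. It is an added example, not part of the original post or of OpenLDAP; the function names, the sample password and the 8-byte salt length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Scheme prefix -> hashlib algorithm for the salted schemes pw-sha2 provides.
SCHEMES = {"{SSHA256}": "sha256", "{SSHA384}": "sha384", "{SSHA512}": "sha512"}


def make_hash(password, scheme="{SSHA512}", salt=None):
    """Return scheme + base64(digest(password + salt) + salt)."""
    scheme = scheme.upper()
    algo = SCHEMES[scheme]
    if salt is None:
        salt = os.urandom(8)  # assumption: 8-byte random salt
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def check_hash(password, stored):
    """Return True if password matches a stored salted SHA-2 value."""
    end = stored.find("}") + 1
    scheme, payload = stored[:end].upper(), stored[end:]
    if scheme not in SCHEMES:
        raise ValueError("not a salted SHA-2 scheme: %r" % scheme)
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # malformed base64
        return False
    size = hashlib.new(SCHEMES[scheme]).digest_size
    if len(raw) <= size:  # digest only, no salt: malformed for a salted scheme
        return False
    # Everything after the fixed-size digest is the salt.
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(SCHEMES[scheme], password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    value = make_hash("example-password")
    print(value)
    print(check_hash("example-password", value))
```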