1SLAPPW-ARGON2(5) File Formats Manual SLAPPW-ARGON2(5)
2
3
4
6 slappw-argon2 - Argon2 password module to slapd
7
9 /etc/openldap/slapd.conf
10
11 moduleload argon2 [<parameters>]
12
14 The argon2 module to slapd(8) provides support for the use of the key
15 derivation function Argon2, that was selected as the winner of the
16 Password Hashing Competition in July 2015, in hashed passwords in
17 OpenLDAP.
18
19 It does so by providing the additional password scheme {ARGON2} for use
20 in slapd.
21
22
24 The argon2 module does not need any configuration, but it can be con‐
25 figured by giving the following parameters:
26
27 m=<memory>
28 Set memory usage to <memory> kiB.
29
30 p=<parallelism>
31 Set parallelism to <parallelism> threads. Currently supported
32 only when linked with libargon2.
33
34 t=<iterations>
35 Set the number of iterations to <iterations>.
36
37 These replace defaults when preparing hashes for new passwords where
38 possible.
39
40 After loading the module, the password scheme {ARGON2} will be recog‐
41 nised in values of the userPassword attribute.
42
43 You can then instruct OpenLDAP to use this scheme when processing the
44 LDAPv3 Password Modify (RFC 3062) extended operations by using the
45 password-hash option in slapd.conf(5):
46
47 password-hash {ARGON2}
48
49 NOTES
50 If you want to use the scheme described here with slappasswd(8), remem‐
51 ber to load the module using its command line options. The relevant
52 option/value is:
53
54 -o module-load=argon2
55
56 Or if non-default parameters are required:
57
58 -o module-load="argon2 [<param>...]"
59
60 Depending on argon2's location, you may also need:
61
62 -o module-path=pathspec
63
64
66 Both userPassword LDAP attributes below encode the password 'secret'
67 using different salts:
68
69 userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
70
71 userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw
72
73
75 slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),
76
77 "OpenLDAP Administrator's Guide" ⟨http://www.OpenLDAP.org/doc/⟩
78
80 This manual page has been written by Peter Marschall based on the mod‐
81 ule's README file written by Simon Levermann ⟨simon@levermann.de⟩.
82
83 OpenLDAP is developed and maintained by The OpenLDAP Project
84 ⟨http://www.openldap.org/⟩. OpenLDAP is derived from University of
85 Michigan LDAP 3.3 Release.
86
87
88
89OpenLDAP 2.6.6 2023/07/31 SLAPPW-ARGON2(5)