On 11/26/21 23:34, A. Schulze wrote:
using slapo-ppolicy I could configure slapd to hash a password if it's sent unhashed. > [..] overlay ppolicy ppolicy_default "cn=default,ou=ppolicies,dc=test" ppolicy_hash_cleartext [..] That work and I could hash them using ARGON2. [..] Is it possible to reject any userPasswords prefixed with hash schema?
See slapo-ppolicy(5) for attribute 'pwdCheckQuality'. Ciao, Michael.
