Add configurable admin config encryption to openldap 2.6

Add configurable admin config encryption to openldap 2.5
Change defaults to hash plaintext passwords

bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh

@@ -78,9 +78,10 @@ export LDAP_ALLOW_ANON_BINDING="${LDAP_ALLOW_ANON_BINDING:-yes}"
 export LDAP_LOGLEVEL="${LDAP_LOGLEVEL:-256}"
 export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{CRYPT\}}"
 export LDAP_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
-export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-no}"
+export LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
+export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-yes}"
 export LDAP_PPOLICY_USE_LOCKOUT="${LDAP_PPOLICY_USE_LOCKOUT:-no}"
-export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-no}"
+export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-yes}"
 export LDAP_ENABLE_ACCESSLOG="${LDAP_ENABLE_ACCESSLOG:-no}"
 export LDAP_ACCESSLOG_DB="${LDAP_ACCESSLOG_DB:-cn=accesslog}"
 export LDAP_ACCESSLOG_LOGOPS="${LDAP_ACCESSLOG_LOGOPS:-writes}"
@@ -116,9 +117,9 @@ done
 unset ldap_env_vars
 
 # Setting encrypted admin passwords
-export LDAP_ENCRYPTED_ADMIN_PASSWORD="$(echo -n $LDAP_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
-export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
-export LDAP_ENCRYPTED_ACCESSLOG_ADMIN_PASSWORD="$(echo -n $LDAP_ACCESSLOG_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_ADMIN_PASSWORD="$(echo -n $LDAP_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_ACCESSLOG_ADMIN_PASSWORD="$(echo -n $LDAP_ACCESSLOG_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
 EOF
 }
 

bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh

@@ -78,9 +78,10 @@ export LDAP_ALLOW_ANON_BINDING="${LDAP_ALLOW_ANON_BINDING:-yes}"
 export LDAP_LOGLEVEL="${LDAP_LOGLEVEL:-256}"
 export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{CRYPT\}}"
 export LDAP_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
-export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-no}"
+export LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
+export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-yes}"
 export LDAP_PPOLICY_USE_LOCKOUT="${LDAP_PPOLICY_USE_LOCKOUT:-no}"
-export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-no}"
+export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-yes}"
 export LDAP_ENABLE_ACCESSLOG="${LDAP_ENABLE_ACCESSLOG:-no}"
 export LDAP_ACCESSLOG_DB="${LDAP_ACCESSLOG_DB:-cn=accesslog}"
 export LDAP_ACCESSLOG_LOGOPS="${LDAP_ACCESSLOG_LOGOPS:-writes}"
@@ -116,9 +117,9 @@ done
 unset ldap_env_vars
 
 # Setting encrypted admin passwords
-export LDAP_ENCRYPTED_ADMIN_PASSWORD="$(echo -n $LDAP_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
-export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
-export LDAP_ENCRYPTED_ACCESSLOG_ADMIN_PASSWORD="$(echo -n $LDAP_ACCESSLOG_ADMIN_PASSWORD | slappasswd -c '$5$%.16s' -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_ADMIN_PASSWORD="$(echo -n $LDAP_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
+export LDAP_ENCRYPTED_ACCESSLOG_ADMIN_PASSWORD="$(echo -n $LDAP_ACCESSLOG_ADMIN_PASSWORD | slappasswd -c "$LDAP_ADMIN_PASSWORD_CRYPT_SALT_FORMAT" -n -T /dev/stdin)"
 EOF
 }