diff --git a/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
index 09a2feefb11eb..e32b3e897a46e 100644
--- a/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -73,7 +73,8 @@ export LDAP_REQUIRE_TLS="${LDAP_REQUIRE_TLS:-no}"
 export LDAP_ULIMIT_NOFILES="${LDAP_ULIMIT_NOFILES:-1024}"
 export LDAP_ALLOW_ANON_BINDING="${LDAP_ALLOW_ANON_BINDING:-yes}"
 export LDAP_LOGLEVEL="${LDAP_LOGLEVEL:-256}"
-export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{SSHA\}}"
+export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{CRYPT\}}"
+export LDAP_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
 export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-no}"
 export LDAP_PPOLICY_USE_LOCKOUT="${LDAP_PPOLICY_USE_LOCKOUT:-no}"
 export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-no}"
@@ -633,9 +634,7 @@ ldap_initialize() {
 ldap_add_custom_schemas
 fi
 # additional configuration
- if [[ ! "$LDAP_PASSWORD_HASH" == "{SSHA}" ]]; then
- ldap_configure_password_hash
- fi
+ ldap_configure_password_hash
 if is_boolean_yes "$LDAP_CONFIGURE_PPOLICY"; then
 ldap_configure_ppolicy
 fi
@@ -835,10 +834,20 @@ EOF
 ldap_configure_password_hash() {
 info "Configuring LDAP olcPasswordHash"
 cat > "${LDAP_SHARE_DIR}/password_hash.ldif" << EOF
+#
+# Password Hash Configuration
+#
 dn: olcDatabase={-1}frontend,cn=config
 changetype: modify
 add: olcPasswordHash
 olcPasswordHash: $LDAP_PASSWORD_HASH
+
+#
+# Password Crypt Salt Format
+#
+dn: cn=config
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $LDAP_PASSWORD_CRYPT_SALT_FORMAT
 EOF
 debug_execute ldapmodify -Y EXTERNAL -H "ldapi:///" -f "${LDAP_SHARE_DIR}/password_hash.ldif"
 }
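Review bot: `LDAP_PASSWORD_CRYPT_SALT_FORMAT` is exported straight from the environment and nothing visible in this diff checks its shape, although slapd-config(5) describes olcPasswordCryptSaltFormat as a sprintf(3) format that may include one (and only one) `%s` conversion. The README hunk of this same commit documents the default as `$5$%.16s%s`, which carries two conversions and differs from the `\$5\$%.16s` set on this line, so an operator copying the documented value would configure a format outside what slapd specifies. I would align the README to `$5$%.16s` and, wherever the other LDAP_* settings are validated (not visible here), reject values with more than one `%` conversion. A one-line comment above the export such as `# sprintf(3) salt format for {CRYPT}; at most one %s conversion (slapd-config(5))` would record the constraint. The identical hunk in the 2.6 copy of libopenldap.sh has the same gap.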
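Review bot: `$LDAP_PASSWORD_CRYPT_SALT_FORMAT` (like `$LDAP_PASSWORD_HASH` above it) is expanded into the here-document as-is and the file is then applied to `cn=config` over `-Y EXTERNAL`, so a value containing a line break would add LDIF lines instead of setting a single attribute value. Unless the variable is already checked elsewhere in the file (not visible in this hunk), I would refuse such values before the `cat` as defence in depth, e.g. `[[ "$LDAP_PASSWORD_CRYPT_SALT_FORMAT" != *$'\n'* ]] || return 1`. The new `dn: cn=config` record also omits the `changetype: modify` line that the first record has; ldapmodify without `-a` should treat it as a modify, but adding the line keeps the two records consistent and explicit. The same hunk appears in the 2.6 copy of libopenldap.sh.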
diff --git a/bitnami/openldap/2.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/openldap/2.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
deleted file mode 100644
index 520bb7861933a..0000000000000
--- a/bitnami/openldap/2.6/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "openldap": {
- "arch": "amd64",
- "distro": "debian-12",
- "type": "NAMI",
- "version": "2.6.8-1"
- }
-}
\ No newline at end of file
diff --git a/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
index 09a2feefb11eb..e32b3e897a46e 100644
--- a/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -73,7 +73,8 @@ export LDAP_REQUIRE_TLS="${LDAP_REQUIRE_TLS:-no}"
 export LDAP_ULIMIT_NOFILES="${LDAP_ULIMIT_NOFILES:-1024}"
 export LDAP_ALLOW_ANON_BINDING="${LDAP_ALLOW_ANON_BINDING:-yes}"
 export LDAP_LOGLEVEL="${LDAP_LOGLEVEL:-256}"
-export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{SSHA\}}"
+export LDAP_PASSWORD_HASH="${LDAP_PASSWORD_HASH:-{CRYPT\}}"
+export LDAP_PASSWORD_CRYPT_SALT_FORMAT="${LDAP_PASSWORD_CRYPT_SALT_FORMAT:-\$5\$%.16s}"
 export LDAP_CONFIGURE_PPOLICY="${LDAP_CONFIGURE_PPOLICY:-no}"
 export LDAP_PPOLICY_USE_LOCKOUT="${LDAP_PPOLICY_USE_LOCKOUT:-no}"
 export LDAP_PPOLICY_HASH_CLEARTEXT="${LDAP_PPOLICY_HASH_CLEARTEXT:-no}"
@@ -633,9 +634,7 @@ ldap_initialize() {
 ldap_add_custom_schemas
 fi
 # additional configuration
- if [[ ! "$LDAP_PASSWORD_HASH" == "{SSHA}" ]]; then
- ldap_configure_password_hash
- fi
+ ldap_configure_password_hash
 if is_boolean_yes "$LDAP_CONFIGURE_PPOLICY"; then
 ldap_configure_ppolicy
 fi
@@ -835,10 +834,20 @@ EOF
 ldap_configure_password_hash() {
 info "Configuring LDAP olcPasswordHash"
 cat > "${LDAP_SHARE_DIR}/password_hash.ldif" << EOF
+#
+# Password Hash Configuration
+#
 dn: olcDatabase={-1}frontend,cn=config
 changetype: modify
 add: olcPasswordHash
 olcPasswordHash: $LDAP_PASSWORD_HASH
+
+#
+# Password Crypt Salt Format
+#
+dn: cn=config
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $LDAP_PASSWORD_CRYPT_SALT_FORMAT
 EOF
 debug_execute ldapmodify -Y EXTERNAL -H "ldapi:///" -f "${LDAP_SHARE_DIR}/password_hash.ldif"
 }
diff --git a/bitnami/openldap/2.6/debian-12/tags-info.yaml b/bitnami/openldap/2.6/debian-12/tags-info.yaml
index 609ab08bedc99..8b752927a0faf 100644
--- a/bitnami/openldap/2.6/debian-12/tags-info.yaml
+++ b/bitnami/openldap/2.6/debian-12/tags-info.yaml
@@ -1,5 +1,5 @@
 rolling-tags:
 - "2.6"
 - 2.6-debian-12
-- 2.6.8
+- 2.6.9
 - latest
diff --git a/bitnami/openldap/README.md b/bitnami/openldap/README.md
index 615d254753939..c88e03d87c55a 100644
--- a/bitnami/openldap/README.md
+++ b/bitnami/openldap/README.md
@@ -190,7 +190,8 @@ The Bitnami Docker OpenLDAP can be easily setup with the following environment v
 * `LDAP_ULIMIT_NOFILES`: Maximum number of open file descriptors. Default: **1024**.
 * `LDAP_ALLOW_ANON_BINDING`: Allow anonymous bindings to the LDAP server. Default: **yes**.
 * `LDAP_LOGLEVEL`: Set the loglevel for the OpenLDAP server (see for possible values). Default: **256**.
-* `LDAP_PASSWORD_HASH`: Hash to be used in generation of user passwords. Must be one of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. Default: **{SSHA}**.
+* `LDAP_PASSWORD_HASH`: Hash to be used in generation of user passwords. Must be one of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. Default: **{CRYPT}**.
+* `LDAP_PASSWORD_CRYPT_SALT_FORMAT`: When using the {CRYPT} hash, specifies the format of the salt. Default: **$5$%.16s%s** (SHA-256).
 * `LDAP_CONFIGURE_PPOLICY`: Enables the ppolicy module and creates an empty configuration. Default: **no**.
 * `LDAP_PPOLICY_USE_LOCKOUT`: Whether bind attempts to locked accounts will always return an error. Will only be applied with `LDAP_CONFIGURE_PPOLICY` active. Default: **no**.
 * `LDAP_PPOLICY_HASH_CLEARTEXT`: Whether plaintext passwords should be hashed automatically. Will only be applied with `LDAP_CONFIGURE_PPOLICY` active. Default: **no**.