Issue 6269 - RFE - Add nsslapd-pwdPBKDF2Rounds configuration to PBKDF…
…2-* plugins (389ds#6447)

Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in
PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted.
Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide.
Add CLI, Web UI option, and CI tests.

Increase DEFAULT_PBKDF2_ROUNDS to 100_000.

Fixes: 389ds#6269

Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck authored Jan 8, 2025
1 parent ba09249 commit b8e442b
Showing 23 changed files with 1,000 additions and 258 deletions.
@@ -9,7 +9,6 @@
import pytest
import os
from lib389.topologies import topology_st
from lib389.password_plugins import PBKDF2Plugin
from lib389.utils import ds_is_older
from lib389.migrate.openldap.config import olConfig
from lib389.migrate.openldap.config import olOverlayType
@@ -9,7 +9,6 @@
import pytest
import os
from lib389.topologies import topology_st
from lib389.password_plugins import PBKDF2Plugin
from lib389.utils import ds_is_older
from lib389.migrate.openldap.config import olConfig
from lib389.migrate.openldap.config import olOverlayType
@@ -9,7 +9,6 @@
import pytest
import os
from lib389.topologies import topology_st
from lib389.password_plugins import PBKDF2Plugin
from lib389.utils import ds_is_older
from lib389.migrate.openldap.config import olConfig
from lib389.migrate.openldap.config import olOverlayType
1 change: 0 additions & 1 deletion dirsrvtests/tests/suites/openldap_2_389/migrate_test.py
@@ -9,7 +9,6 @@
import pytest
import os
from lib389.topologies import topology_st
from lib389.password_plugins import PBKDF2Plugin
from lib389.utils import ds_is_older
from lib389.migrate.openldap.config import olConfig
from lib389.migrate.openldap.config import olOverlayType
@@ -8,7 +8,7 @@
#
import pytest
from lib389.topologies import topology_st
from lib389.password_plugins import PBKDF2Plugin
from lib389.password_plugins import PBKDF2SHA256Plugin
from lib389.utils import ds_is_older

pytestmark = pytest.mark.tier1
@@ -35,18 +35,18 @@ def test_pbkdf2_upgrade(topology_st):
"""
# Remove the pbkdf2 plugin config
p1 = PBKDF2Plugin(topology_st.standalone)
p1 = PBKDF2SHA256Plugin(topology_st.standalone)
assert(p1.exists())
p1._protected = False
p1.delete()
# Restart
topology_st.standalone.restart()
# check it's been readded.
p2 = PBKDF2Plugin(topology_st.standalone)
p2 = PBKDF2SHA256Plugin(topology_st.standalone)
assert(p2.exists())
# Now restart to make sure we still work from the non-bootstrap form
topology_st.standalone.restart()
p3 = PBKDF2Plugin(topology_st.standalone)
p3 = PBKDF2SHA256Plugin(topology_st.standalone)
assert(p3.exists())
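Review bot: The checks after each restart in this hunk are still only `assert(p2.exists())` and `assert(p3.exists())`, so the test passes regardless of what round count the re-created PBKDF2-SHA256 entry ends up with. Per the commit description the round count is now configured on this entry as `nsslapd-pwdPBKDF2Rounds`, which makes the delete-and-re-add path a place where a configured work factor could presumably fall back to the default without anything failing. Unless another test in this commit (not visible here) covers that, consider asserting the attribute's value on `p2` and `p3`, or at least stating the limit next to the existing comment: `# existence only; nsslapd-pwdPBKDF2Rounds of the re-added entry is not checked here`. The body of test_pbkdf2_upgrade starts above the hunk.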

