Can I use a different password schema than DES for replication agreements?

Solution Unverified - Updated -


I'm trying to set up multi master replication. I stop dirserv, and add the following lines in dse.ldif:

dn: cn=hydrogen,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: hydrogen
cn: hydrogen
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: hydrogen.periodic.table
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {SSHA256}CYgmKc3dWIkHF4MDYq4rMFjtqfpNaFDWRiBtyxYV3RPNRRf2pJlJHw==

I generated the nsDS5ReplicaCredentials attribute value using the pwdhash command:

# pwdhash -s SSHA256 <<secret>>

I can successfully use this hash in the userPassword attribute of the cn=replication manager,cn=config user, but when I start up the server with these settings, I get this in the error log:

NSMMReplicationPlugin - agmt="cn=hydrogen" (hydrogen:389): Decoding of the credentials failed.

It looks like the nsDS5ReplicaCredentials doesn't accept the SSHA256 hash as valid hash. Is it really true that nsDS5ReplicaCredentials doesn't accept SSHA256 hashes for a replication agreement?


Red Hat Directory Server 9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content