Can I use a different password schema than DES for replication agreements?
Issue
I'm trying to set up multi master replication. I stop dirserv
, and add the following lines in dse.ldif
:
dn: cn=hydrogen,cn=replica,cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: hydrogen
cn: hydrogen
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: hydrogen.periodic.table
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {SSHA256}CYgmKc3dWIkHF4MDYq4rMFjtqfpNaFDWRiBtyxYV3RPNRRf2pJlJHw==
I generated the nsDS5ReplicaCredentials
attribute value using the pwdhash
command:
# pwdhash -s SSHA256 <<secret>>
{SSHA256}CYgmKc3dWIkHF4MDYq4rMFjtqfpNaFDWRiBtyxYV3RPNRRf2pJlJHw==
I can successfully use this hash in the userPassword
attribute of the cn=replication manager,cn=config
user, but when I start up the server with these settings, I get this in the error log:
NSMMReplicationPlugin - agmt="cn=hydrogen" (hydrogen:389): Decoding of the credentials failed.
It looks like the nsDS5ReplicaCredentials
doesn't accept the SSHA256 hash as valid hash. Is it really true that nsDS5ReplicaCredentials
doesn't accept SSHA256 hashes for a replication agreement?
Environment
Red Hat Directory Server 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.