wheelybird / ldap-user-manager

A PHP web-based interface for LDAP user account management and self-service password change.
MIT License

Feature Request: Support Modern Password Hashes #180

Closed dr-waterstorm closed 1 year ago

dr-waterstorm commented 1 year ago

I'd like to use your GUI in combination with a modern LDAP setup. I've enabled Argon2 and PBKDF2 but sadly neither can be used with the ldap-user-manager at the moment.

I've checked your hashing function in the code and it only seems to support the old LDAP standards and some {CRYPT} functions.

It would be awesome if you could implement Argon2 and PBKDF2. I do not have much experience in PHP, but you could probably use the PHP password_hash function for the job.

For example:

password_hash('somepassword', PASSWORD_ARGON2ID, ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3]);

looks just like the LDAP hash generated with the LDAP command:

slappasswd -o module-load=/usr/lib/openldap/argon2.la -h '{ARGON2}'

so I'd assume it should work.

Thank you!
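An added example, not part of the original comment and not ldap-user-manager's own code: a sketch of the approach suggested above, assuming (as the comment does) that an {ARGON2} userPassword value is the scheme prefix followed by the same encoded string that password_hash returns. The function and constant names are hypothetical; the cost parameters are the ones from the comment.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; names are not from ldap-user-manager.
const LDAP_ARGON2_SCHEME = '{ARGON2}';
// Cost parameters copied from the example in the issue text.
const ARGON2_OPTIONS = ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3];

/** Build a userPassword value: scheme prefix + PHP's encoded Argon2id string. */
function ldap_argon2_hash(string $password): string
{
    // PASSWORD_ARGON2ID only exists when PHP was built with Argon2 support.
    if (!defined('PASSWORD_ARGON2ID')) {
        throw new RuntimeException('This PHP build has no Argon2id support');
    }
    return LDAP_ARGON2_SCHEME . password_hash($password, PASSWORD_ARGON2ID, ARGON2_OPTIONS);
}

/** Check a candidate password against a stored {ARGON2} value. */
function ldap_argon2_verify(string $password, string $stored): bool
{
    $prefixLen = strlen(LDAP_ARGON2_SCHEME);
    // Accept the prefix in any letter case; reject values from other schemes.
    if (strncasecmp($stored, LDAP_ARGON2_SCHEME, $prefixLen) !== 0) {
        return false;
    }
    // password_verify reads algorithm, costs and salt from the encoded string.
    return password_verify($password, substr($stored, $prefixLen));
}

/** True when the stored value's algorithm or costs differ from ARGON2_OPTIONS. */
function ldap_argon2_needs_rehash(string $stored): bool
{
    $encoded = substr($stored, strlen(LDAP_ARGON2_SCHEME));
    return password_needs_rehash($encoded, PASSWORD_ARGON2ID, ARGON2_OPTIONS);
}

// Constructed sample password, for demonstration only.
$value = ldap_argon2_hash('somepassword');
echo $value, PHP_EOL;
var_dump(ldap_argon2_verify('somepassword', $value)); // correct password
var_dump(ldap_argon2_verify('wrong', $value));        // wrong password
var_dump(ldap_argon2_needs_rehash($value));           // costs match ARGON2_OPTIONS
```

PHP builds that provide Argon2 through libsodium accept only 'threads' => 1, so the options above need adjusting there.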

dr-waterstorm commented 1 year ago

I tried implementing PBKDF2 as well, but I could not get the generated hash to look like the one the LDAP generates, so I did not implement this. However, ARGON2 was implemented, so I'll close my issue.