wheelybird / ldap-user-manager

A PHP web-based interface for LDAP user account management and self-service password change.
MIT License

Feature/support modern password hashes #182

Closed dr-waterstorm closed 1 year ago

dr-waterstorm commented 1 year ago

Description

This implements the ARGON2 hashing algorithm. In order to use this, the LDAP server needs to have the ARGON2 plugin compiled, installed and activated.

This addresses feature request issue #180

How to use?

Use a container with compiled ARGON2 plugin

For testing, use an LDAP container with ARGON2 installed, for example the one from tiredofit.

Enable ARGON2

ARGON2 needs to be activated as well, for example by using the following LDIF:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}argon2.la

(Optional) Set as default

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcPasswordHash
olcPasswordHash: {ARGON2}

Tell ldap-user-manager to use ARGON2

Set the env variable PASSWORD_HASH to ARGON2

wheelybird commented 1 year ago

Thanks for the PR. Do you know if the Dockerfile needs to be modified to enable the PHP Argon2 library?

dr-waterstorm commented 1 year ago

It's default from PHP 7.2 and up. I've tested with your Dockerfile (which has PHP 8) and it works out of the box.
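
As an added example (not code from this PR or from ldap-user-manager), the PHP below checks whether the running PHP build has Argon2 support, the point raised in the Dockerfile question, and builds and verifies a `userPassword` value for the `{ARGON2}` scheme. The function names are hypothetical, and it assumes the server's argon2 module accepts the PHC-format string that `password_hash()` produces after the scheme prefix.

```php
<?php
// Added example: hypothetical helper names, not ldap-user-manager's own code.
// Assumption: the LDAP server's argon2 module verifies a value of the form
// {ARGON2}<PHC string>, where the PHC string is what password_hash() returns.

const LDAP_ARGON2_PREFIX = '{ARGON2}';

// The PASSWORD_ARGON2* constants are defined only when the PHP build
// includes Argon2 support, so their presence answers the Dockerfile question.
function php_argon2_algo()
{
    foreach (['PASSWORD_ARGON2ID', 'PASSWORD_ARGON2I'] as $name) {
        if (defined($name)) {
            return constant($name);
        }
    }
    return null;
}

// Build the userPassword attribute value for a new password.
function ldap_argon2_hash(string $password): string
{
    $algo = php_argon2_algo();
    if ($algo === null) {
        throw new RuntimeException('This PHP build has no Argon2 support');
    }
    // The salt and cost parameters are embedded in the returned string,
    // so the verifier does not need to share PHP's defaults.
    return LDAP_ARGON2_PREFIX . password_hash($password, $algo);
}

// Check a password against a stored {ARGON2} value without asking the server.
function ldap_argon2_verify(string $password, string $stored): bool
{
    $len = strlen(LDAP_ARGON2_PREFIX);
    if (strncmp($stored, LDAP_ARGON2_PREFIX, $len) !== 0) {
        return false; // some other scheme, not handled by this helper
    }
    return password_verify($password, substr($stored, $len));
}

// Constructed sample input.
$value = ldap_argon2_hash('constructed-sample-password');
echo $value, PHP_EOL;
var_dump(ldap_argon2_verify('constructed-sample-password', $value));
var_dump(ldap_argon2_verify('wrong-password', $value));
```

Running it with `php` inside the application container shows whether hashing works there before `PASSWORD_HASH` is switched to ARGON2.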