slappw-argon2(5) - Man pages

dwww Home | Manual pages | Find package
SLAPPW-ARGON2(5)              File Formats Manual             SLAPPW-ARGON2(5)

NAME
       slappw-argon2 - Argon2 password module to slapd

SYNOPSIS
       /etc/ldap/slapd.conf

              moduleload argon2 [<parameters>]

DESCRIPTION
       The  argon2  module to slapd(8) provides support for the use of the key
       derivation function Argon2, that was selected  as  the  winner  of  the
       Password  Hashing  Competition  in  July  2015,  in hashed passwords in
       OpenLDAP.

       It does so by providing the additional password scheme {ARGON2} for use
       in slapd.

CONFIGURATION
       The  argon2  module does not need any configuration, but it can be con-
       figured by giving the following parameters:

       m=<memory>
              Set memory usage to <memory> kiB.

       p=<parallelism>
              Set parallelism to <parallelism>  threads.  Currently  supported
              only when linked with libargon2.

       t=<iterations>
              Set the number of iterations to <iterations>.

       These  replace  defaults  when preparing hashes for new passwords where
       possible.

       After loading the module, the password scheme {ARGON2} will  be  recog-
       nised in values of the userPassword attribute.

       You  can  then instruct OpenLDAP to use this scheme when processing the
       LDAPv3 Password Modify (RFC 3062)  extended  operations  by  using  the
       password-hash option in slapd.conf(5):

              password-hash {ARGON2}

   NOTES
       If you want to use the scheme described here with slappasswd(8), remem-
       ber to load the module using its command line  options.   The  relevant
       option/value is:

              -o module-load=argon2

       Or if non-default parameters are required:

              -o module-load="argon2 [<param>...]"

       Depending on argon2's location, you may also need:

              -o module-path=pathspec

EXAMPLES
       Both  userPassword  LDAP  attributes below encode the password 'secret'
       using different salts:

       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng

       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw

SEE ALSO
       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

       "OpenLDAP Administrator's Guide" ⟨http://www.OpenLDAP.org/doc/⟩

ACKNOWLEDGEMENTS
       This manual page has been written by Peter Marschall based on the  mod-
       ule's README file written by Simon Levermann ⟨simon@levermann.de⟩.

       OpenLDAP   is   developed   and  maintained  by  The  OpenLDAP  Project
       ⟨http://www.openldap.org/⟩.  OpenLDAP is  derived  from  University  of
       Michigan LDAP 3.3 Release.

OpenLDAP 2.5.13+dfsg-5            2022/07/14                  SLAPPW-ARGON2(5)
Generated by dwww version 1.15 on Thu Sep 4 10:48:13 CEST 2025.