Issue 6269 - RFE - Add nsslapd-pwdPBKDF2Rounds configuration to PBKDF…

…2-* plugins Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This was password hashing round value can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Fixes: #6269 Reviewed by: ?
389ds · Dec 20, 2024 · 3603e54 · 3603e54
1 parent 196a410
commit 3603e54
Show file tree

Hide file tree

Showing 23 changed files with 1,004 additions and 258 deletions.
diff --git a/dirsrvtests/tests/suites/openldap_2_389/migrate_hdb_test.py b/dirsrvtests/tests/suites/openldap_2_389/migrate_hdb_test.py
@@ -9,7 +9,6 @@
 import pytest
 import os
 from lib389.topologies import topology_st
-from lib389.password_plugins import PBKDF2Plugin
 from lib389.utils import ds_is_older
 from lib389.migrate.openldap.config import olConfig
 from lib389.migrate.openldap.config import olOverlayType

diff --git a/dirsrvtests/tests/suites/openldap_2_389/migrate_memberof_test.py b/dirsrvtests/tests/suites/openldap_2_389/migrate_memberof_test.py
@@ -9,7 +9,6 @@
 import pytest
 import os
 from lib389.topologies import topology_st
-from lib389.password_plugins import PBKDF2Plugin
 from lib389.utils import ds_is_older
 from lib389.migrate.openldap.config import olConfig
 from lib389.migrate.openldap.config import olOverlayType

diff --git a/dirsrvtests/tests/suites/openldap_2_389/migrate_monitor_test.py b/dirsrvtests/tests/suites/openldap_2_389/migrate_monitor_test.py
@@ -9,7 +9,6 @@
 import pytest
 import os
 from lib389.topologies import topology_st
-from lib389.password_plugins import PBKDF2Plugin
 from lib389.utils import ds_is_older
 from lib389.migrate.openldap.config import olConfig
 from lib389.migrate.openldap.config import olOverlayType

diff --git a/dirsrvtests/tests/suites/openldap_2_389/migrate_test.py b/dirsrvtests/tests/suites/openldap_2_389/migrate_test.py
@@ -9,7 +9,6 @@
 import pytest
 import os
 from lib389.topologies import topology_st
-from lib389.password_plugins import PBKDF2Plugin
 from lib389.utils import ds_is_older
 from lib389.migrate.openldap.config import olConfig
 from lib389.migrate.openldap.config import olOverlayType

diff --git a/dirsrvtests/tests/suites/password/pbkdf2_upgrade_plugin_test.py b/dirsrvtests/tests/suites/password/pbkdf2_upgrade_plugin_test.py
@@ -8,7 +8,7 @@
 #
 import pytest
 from lib389.topologies import topology_st
-from lib389.password_plugins import PBKDF2Plugin
+from lib389.password_plugins import PBKDF2SHA512Plugin
 from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
@@ -35,18 +35,18 @@ def test_pbkdf2_upgrade(topology_st):
 
     """
     # Remove the pbkdf2 plugin config
-    p1 = PBKDF2Plugin(topology_st.standalone)
+    p1 = PBKDF2SHA512Plugin(topology_st.standalone)
     assert(p1.exists())
     p1._protected = False
     p1.delete()
     # Restart
     topology_st.standalone.restart()
     # check it's been readded.
-    p2 = PBKDF2Plugin(topology_st.standalone)
+    p2 = PBKDF2SHA512Plugin(topology_st.standalone)
     assert(p2.exists())
     # Now restart to make sure we still work from the non-bootstrap form
     topology_st.standalone.restart()
-    p3 = PBKDF2Plugin(topology_st.standalone)
+    p3 = PBKDF2SHA512Plugin(topology_st.standalone)
     assert(p3.exists())