GNU bug report logs - #76280
389-ds-base ver. 2.2.2 missing PBKDF2_SHA256 hash schema support

Previous Next

Package: guix;

Reported by: Giovanni Biscuolo <g <at> xelera.eu>

Date: Fri, 14 Feb 2025 09:31:02 UTC

Severity: normal

To reply to this bug, email your comments to 76280 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#76280; Package guix. (Fri, 14 Feb 2025 09:31:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Giovanni Biscuolo <g <at> xelera.eu>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Fri, 14 Feb 2025 09:31:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Giovanni Biscuolo <g <at> xelera.eu>
To: bug-guix <at> gnu.org
Subject: 389-ds-base ver. 2.2.2 missing PBKDF2_SHA256 hash schema support
Date: Fri, 14 Feb 2025 10:30:09 +0100

[Message part 1 (text/plain, inline)]
Hello,

Executive summary: the plugin "/lib/dirsrv/plugins/libpwdchan-plugin.so"
is missing in
"/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/"

I'm trying to setup a directory-server-service on Guix System using this
service definition in my operating-system:

--8<---------------cut here---------------start------------->8---

(service directory-server-service-type
        (directory-server-instance-configuration
         (slapd
          (slapd-configuration
           (root-password "{PBKDF2_SHA256}AAAgANjxkt+wBF[...]")))))

--8<---------------cut here---------------end--------------->8---

I'm using a PBKDF2_SHA256 sheme password (trimmed above) since AFAIU
it's more secure against brute force attacks; I generated the hash with
this command:

--8<---------------cut here---------------start------------->8---

pwdhash -s PBKDF2_SHA256 <password>

--8<---------------cut here---------------end--------------->8---

Please also consider that PBKDF2_SHA256 is the scheme used in the
example configuration of the Guix manual:
https://guix.gnu.org/manual/devel/en/html_node/LDAP-Services.html#index-LDAP_002c-server

After reconfiguring Guix System if I try to start the service I get:

--8<---------------cut here---------------start------------->8---

g <at> pistache ~$ sudo herd start directory-server-localhost
Password: 
PID file '/run/dirsrv/slapd-localhost.pid' did not show up; terminating process 15747.
Service directory-server-localhost could not be started.
herd: error: failed to start service directory-server-localhost

--8<---------------cut here---------------end--------------->8---

This is what I get in the log file
/var/log/dirsrv/slapd-localhost/errors:

--8<---------------cut here---------------start------------->8---

[14/Feb/2025:09:36:48.609619909 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open shared object file: No such file or directory
[14/Feb/2025:09:36:48.634703449 +0100] - ERR - symload_report_error - Could not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2
[14/Feb/2025:09:36:48.668040691 +0100] - ERR - plugin_setup - "PBKDF2" plugin in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.693696064 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open shared object file: No such file or directory
[14/Feb/2025:09:36:48.718060230 +0100] - ERR - symload_report_error - Could not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA1
[14/Feb/2025:09:36:48.743072672 +0100] - ERR - plugin_setup - "PBKDF2-SHA1" plugin in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.769131704 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open shared object file: No such file or directory
[14/Feb/2025:09:36:48.793075389 +0100] - ERR - symload_report_error - Could not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA256
[14/Feb/2025:09:36:48.818071205 +0100] - ERR - plugin_setup - "PBKDF2-SHA256" plugin in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.844240257 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open shared object file: No such file or directory
[14/Feb/2025:09:36:48.868061742 +0100] - ERR - symload_report_error - Could not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA512
[14/Feb/2025:09:36:48.893072834 +0100] - ERR - plugin_setup - "PBKDF2-SHA512" plugin in library "libpwdchan-plugin" not initialized and ignored

--8<---------------cut here---------------end--------------->8---

Thank you! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 70 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.