From unknown Fri Jun 13 11:20:07 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#76280: 389-ds-base ver. 2.2.2 missing PBKDF2_SHA256 hash schema support
Resent-From: Giovanni Biscuolo <g@xelera.eu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Fri, 14 Feb 2025 09:31:02 +0000
Resent-Message-ID: <handler.76280.B.17395254302182@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 76280
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 76280@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.17395254302182
          (code B ref -1); Fri, 14 Feb 2025 09:31:02 +0000
Received: (at submit) by debbugs.gnu.org; 14 Feb 2025 09:30:30 +0000
Received: from localhost ([127.0.0.1]:47049 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1tis1l-0000Z8-S8
	for submit@debbugs.gnu.org; Fri, 14 Feb 2025 04:30:30 -0500
Received: from lists.gnu.org ([2001:470:142::17]:39658)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <g@xelera.eu>) id 1tis1i-0000Yq-Cx
 for submit@debbugs.gnu.org; Fri, 14 Feb 2025 04:30:27 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <g@xelera.eu>) id 1tis1c-0002DH-Dc
 for bug-guix@gnu.org; Fri, 14 Feb 2025 04:30:20 -0500
Received: from mx1.meup.it ([162.55.88.253])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <g@xelera.eu>) id 1tis1Z-0000PW-Lm
 for bug-guix@gnu.org; Fri, 14 Feb 2025 04:30:20 -0500
Received: from bourrache.mug.xelera.it (unknown [93.56.171.185])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.meup.it (Postfix) with ESMTPSA id 8A56681212
 for <bug-guix@gnu.org>; Fri, 14 Feb 2025 10:30:11 +0100 (CET)
Received: from roquette.mug.biscuolo.net (roquette [10.38.2.14])
 by bourrache.mug.xelera.it (Postfix) with SMTP id A41813B634FF
 for <bug-guix@gnu.org>; Fri, 14 Feb 2025 10:30:10 +0100 (CET)
Received: (nullmailer pid 3118921 invoked by uid 1000);
 Fri, 14 Feb 2025 09:30:10 -0000
From: Giovanni Biscuolo <g@xelera.eu>
Organization: Xelera.eu
Date: Fri, 14 Feb 2025 10:30:09 +0100
Message-ID: <87wmdsq3fi.fsf@xelera.eu>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xelera.eu; s=dkim;
 t=1739525411; bh=d9uuD/Fzw5DH+Gi4GW4oBFeUQhrQLqKapPLRfyClz+M=;
 h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
 b=e8DrM48qu2xX+GQkX68/FMOSl8J5Ioo0YZcGm0WdRUeyvEH0xtiJaE9mwRBoOeCDocZ6Cw3mEMAjoADmG//nIR8MYyNqJUJEU7T+bJaTFJhRemZ8BWpu58x8dq52tExq11Z3+t7w53PhX2k9XoWBMqY+dAzR59AHDbHZmXZ16HE=
Received-SPF: pass client-ip=162.55.88.253; envelope-from=g@xelera.eu;
 helo=mx1.meup.it
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.1 (/)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,

Executive summary: the plugin "/lib/dirsrv/plugins/libpwdchan-plugin.so"
is missing in
"/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-2.2.2/"

I'm trying to setup a directory-server-service on Guix System using this
service definition in my operating-system:

=2D-8<---------------cut here---------------start------------->8---

(service directory-server-service-type
        (directory-server-instance-configuration
         (slapd
          (slapd-configuration
           (root-password "{PBKDF2_SHA256}AAAgANjxkt+wBF[...]")))))

=2D-8<---------------cut here---------------end--------------->8---

I'm using a PBKDF2_SHA256 sheme password (trimmed above) since AFAIU
it's more secure against brute force attacks; I generated the hash with
this command:

=2D-8<---------------cut here---------------start------------->8---

pwdhash -s PBKDF2_SHA256 <password>

=2D-8<---------------cut here---------------end--------------->8---

Please also consider that PBKDF2_SHA256 is the scheme used in the
example configuration of the Guix manual:
https://guix.gnu.org/manual/devel/en/html_node/LDAP-Services.html#index-LDA=
P_002c-server

After reconfiguring Guix System if I try to start the service I get:

=2D-8<---------------cut here---------------start------------->8---

g@pistache ~$ sudo herd start directory-server-localhost
Password:=20
PID file '/run/dirsrv/slapd-localhost.pid' did not show up; terminating pro=
cess 15747.
Service directory-server-localhost could not be started.
herd: error: failed to start service directory-server-localhost

=2D-8<---------------cut here---------------end--------------->8---

This is what I get in the log file
/var/log/dirsrv/slapd-localhost/errors:

=2D-8<---------------cut here---------------start------------->8---

[14/Feb/2025:09:36:48.609619909 +0100] - ERR - symload_report_error - Netsc=
ape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mx=
nn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open s=
hared object file: No such file or directory
[14/Feb/2025:09:36:48.634703449 +0100] - ERR - symload_report_error - Could=
 not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-=
2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2
[14/Feb/2025:09:36:48.668040691 +0100] - ERR - plugin_setup - "PBKDF2" plug=
in in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.693696064 +0100] - ERR - symload_report_error - Netsc=
ape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mx=
nn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open s=
hared object file: No such file or directory
[14/Feb/2025:09:36:48.718060230 +0100] - ERR - symload_report_error - Could=
 not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-=
2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA1
[14/Feb/2025:09:36:48.743072672 +0100] - ERR - plugin_setup - "PBKDF2-SHA1"=
 plugin in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.769131704 +0100] - ERR - symload_report_error - Netsc=
ape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mx=
nn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open s=
hared object file: No such file or directory
[14/Feb/2025:09:36:48.793075389 +0100] - ERR - symload_report_error - Could=
 not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-=
2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA256
[14/Feb/2025:09:36:48.818071205 +0100] - ERR - plugin_setup - "PBKDF2-SHA25=
6" plugin in library "libpwdchan-plugin" not initialized and ignored
[14/Feb/2025:09:36:48.844240257 +0100] - ERR - symload_report_error - Netsc=
ape Portable Runtime error -5977: /gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mx=
nn-389-ds-base-2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so: cannot open s=
hared object file: No such file or directory
[14/Feb/2025:09:36:48.868061742 +0100] - ERR - symload_report_error - Could=
 not open library "/gnu/store/rngdj26hcc22iwfllfpxkjyzpkc3mxnn-389-ds-base-=
2.2.2/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2-SHA512
[14/Feb/2025:09:36:48.893072834 +0100] - ERR - plugin_setup - "PBKDF2-SHA51=
2" plugin in library "libpwdchan-plugin" not initialized and ignored

=2D-8<---------------cut here---------------end--------------->8---

Thank you! Gio'

=2D-=20
Giovanni Biscuolo

Xelera IT Infrastructures

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJABAEBCgAqFiEERcxjuFJYydVfNLI5030Op87MORIFAmevDSEMHGdAeGVsZXJh
LmV1AAoJENN9DqfOzDkSypcP/0gS51560FpHjxtjhfYrlIj6VQOB+X2bInhQH8Q9
B4wLH9w7DYIJZjRxEEo0RlAGdr2Pdfg5q0kRWX+6PRMOePpebNxHbkC2ryew+OCe
PjfghEEIHwUY2IZYHJevNs3aWw5AXRrI+J+waBMSknnxBMGt+s6owCnvNX7wgul5
v5CI4yNSCkHUmB10YYj6ZrC6wPolSLpveLmw/Kki3w6vziq0Kv1rHokqeEXa6kI9
cjp9UmVTmU3h7mQe1eQ/+v6UoYfgoquDiLw9KaFWZx57lRj6W2iwpRH6Jala3fPo
kDdhRbaUoxBkUumn87ZH2iRQuYgctoLZgWdgc9VWobApw2hLUQB7/vmGsmL5RRy6
5tFDhxq1vlc5Tux9BD0/gLuXXew8ADvlN+QpsiL414pZj545Knlh/YOAmELJI0TP
VQ+Hsiv5uz3f1CalBhwIQ1TUEjHSwSAgaJTS8s6hTL210xFlq2Qb2cVHRRRGMG9n
vfHeJaEzlRjJbrcHVcdfqQBr0Ib3NHmWNs5F9LeZGW3X91rFTfAOhqfpRFGDpxiK
hkngKo+EjP+JCz+59c9E7cTX+2s9ML3cKB4ecl5mRNUq3qHZyQrt/uTVpdpPFjEE
tl2O4BaG8bIdrOUI1uGczHse6LUA7C+VxcL2JduOeE6y6RYy9MKO7PcSubCMfJjC
2HsD
=moqc
-----END PGP SIGNATURE-----
--=-=-=--