On Tue, 2020-06-16 at 08:47 -0400, John Stoffel wrote:
Jeffrey> Thanks for your reply! We already found the issue, we're using a
Jeffrey> special character in our salt which isn't allowed (anymore?). After
Jeffrey> changing the salt, LDAP authentication is working again on Ubuntu
Jeffrey> Focal.
Great news, can you post more details so that others don't run into the same problem? Knowing the salt value isn't a bad thing....
Of course! We generated a unique salt for each password with the characters: "A-Za-z0-9./~=[];':!-()". This worked fine for years, until the upgrade to Ubuntu Focal.
After (long) debugging, we found out that only the following characters are accepted for generating a valid salt: "./0-9A-Za-z"
So if you generate a salt for SHA, only use these characters: "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".
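
Added example, not part of the original message: a Python sketch that generates salts from the accepted alphabet reported above and audits stored values for salts that fall outside it. It assumes the hashes are stored in modular crypt format (`$5$` or `$6$`, optional `rounds=` field, optional `{CRYPT}` prefix); the function names, DNs and sample values are constructed for illustration.

```python
import re
import secrets

# Alphabet the message above reports as accepted: "./0-9A-Za-z"
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Assumption: [{CRYPT}]$<5|6>$[rounds=N$]<salt>[$<hash>]
MCF = re.compile(
    r"^(?:\{CRYPT\})?\$[56]\$(?:rounds=\d+\$)?(?P<salt>[^$]*)(?:\$.*)?$",
    re.IGNORECASE,
)


def new_salt(length=16):
    """Return a random salt drawn only from SALT_ALPHABET."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def bad_salt_chars(value):
    """Sorted salt characters outside SALT_ALPHABET; None if not SHA-crypt."""
    m = MCF.match(value)
    if m is None:
        return None
    return sorted(set(m.group("salt")) - set(SALT_ALPHABET))


def audit(entries):
    """Map each DN to its offending salt characters (clean entries omitted)."""
    findings = {}
    for dn, value in entries:
        bad = bad_salt_chars(value)
        if bad:
            findings[dn] = bad
    return findings


# Constructed sample data; the hash part is a placeholder, not a real digest.
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=org", "{CRYPT}$6$ab~=[]x$HASHPLACEHOLDER"),
    ("uid=bob,ou=people,dc=example,dc=org", "{CRYPT}$6$rounds=5000$abc.DEF/$HASHPLACEHOLDER"),
    ("uid=carol,ou=people,dc=example,dc=org", "{SSHA}PLACEHOLDER"),
]

if __name__ == "__main__":
    for dn, bad in audit(SAMPLE).items():
        print(f"{dn}: salt contains {bad}; reset password with a new salt")
    print("example replacement salt:", new_salt())
```

A salt cannot be swapped out under an existing hash, so entries flagged by the audit need the password re-hashed with a new salt.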