OpenLDAP argon2

Hello everyone

I have a question regarding OpenLDAP on Rocky 9 installed from the “plus” repository. For a while now, OpenLDAP has supported argon2 password hashes: ITS#9453 - Make pw-argon2 official (!225) · Merge requests · openldap / OpenLDAP · GitLab. According to the README:

This module is now part of regular OpenLDAP build process and enabled if libsodium or libargon2 library and the corresponding development headers are present.

However, it seems argon2 is not part of the openldap-servers-2.6.2-3 package:

[root@localhost ~]# find /usr/lib64/openldap/ | grep -i argon
[root@localhost ~]#

I assume that neither libsodium nor libargon2 is present during the build process. Does anybody know how the build process of the packages from the “plus” repo works, and maybe even what can be done to make sure libargon2 is present during the build?

Thanks!

The openldap-servers package is built from the standard openldap package, meaning it’s not a separate build from the openldap and openldap-clients packages that are by default available. It’s all built from the same source package. Us building and providing openldap-servers differs from Red Hat, as when Red Hat builds openldap, they have the “servers” portion turned off. And the only reason why we turn it on is because we have users that would like to have it available, and sticking it in plus was where we chose to put it.

With all of that being said, the settings that are used to build the server portion are what is provided by the spec file. Red Hat does not build the servers portion unless it’s absolutely required, so it is turned off by default. As mentioned, we turn it on. Because Red Hat does not wish to build nor support openldap-servers, this is why some features or libraries are not compiled in or enabled.

For reference, patches and build settings start here. The build starts here.

To conclude, adding libargon2 to the build is unfortunately out of scope for our builds of openldap-servers, as it would make the resulting openldap libraries differ from our upstream.

However, there is nothing stopping you from taking our source RPM and modifying the spec file to include argon2 support (at a glance, this would require you to change the spec to have BuildRequires: libargon2-devel libsodium-devel at a minimum, and likely a patch to change the makefile or a configure option in %build).
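A check for the rebuild suggested in the reply above, added here as an example that is not part of the thread or of Rocky's packaging: it audits a modified spec file and the installed module directory for the pieces Argon2 support needs. The function names are hypothetical; `--enable-argon2` is upstream OpenLDAP's configure switch, and whether the Rocky spec needs it on top of the BuildRequires line is an assumption.

```shell
#!/bin/sh
# Added example: audit an openldap spec file and an installed module
# directory for Argon2 support. Function names are hypothetical.

# 0 if the spec pulls in an Argon2 backend library at build time.
spec_has_buildrequires() {
    grep -Eq '^BuildRequires:.*(libargon2-devel|libsodium-devel)' "$1"
}

# 0 if a non-comment line passes --enable-argon2 (and not "=no") to configure.
spec_enables_argon2() {
    grep -v '^[[:space:]]*#' "$1" | grep -e '--enable-argon2' |
        grep -vq -e '--enable-argon2=no'
}

# 0 if the module directory holds an argon2 file; same idea as the
# "find /usr/lib64/openldap/ | grep -i argon" check in the question.
module_present() {
    find "$1" -type f -iname '*argon*' 2>/dev/null | grep -q .
}

# audit SPEC MODULE_DIR: print each gap, return the number of gaps (0-3).
audit() {
    missing=0
    spec_has_buildrequires "$1" || {
        echo "spec: no BuildRequires on libargon2-devel or libsodium-devel"
        missing=$((missing + 1)); }
    spec_enables_argon2 "$1" || {
        echo "spec: configure is not called with --enable-argon2"
        missing=$((missing + 1)); }
    module_present "$2" || {
        echo "modules: no argon2 module under $2"
        missing=$((missing + 1)); }
    return "$missing"
}

# Stand-alone use: sh <this script> openldap.spec /usr/lib64/openldap
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run against the unmodified spec and the stock package it reports all three gaps; after a rebuild that picked up Argon2 it should print nothing and exit 0.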

I see, thank you for the explanation.