SSHA is salted SHA-1, which is not considered secure. slappasswd can be forced to use crypt with SHA-512 hashing both on Debian 7 and Debian 8.
Commands should be replaced (at least) in roles:
openldap wherever a password is generated using slappasswdphp-ldap-password where the password is generated using a PHP function
SSHA is salted SHA-1, which is not considered secure.
slappasswdcan be forced to usecryptwith SHA-512 hashing both on Debian 7 and Debian 8.Commands should be replaced (at least) in roles:
openldapwherever a password is generated usingslappasswdphp-ldap-passwordwhere the password is generated using a PHP function