Ok, the problem is solved.You have to do three simple steps to get what I wanted:
- openldap server:
- add under global dn cn=config group:
- olcPasswordCryptSaltFormat: "$6$%.86s"
- add under DN: olcDatabase={-1}frontend,cn=config
- olcPasswordHash: {CRYPT}
- ldap clients, ldap.conf:
- search for the "pam_password" entry and change it to "exop"
The directive "pam_password exop" tells pam-ldap to change passwords in a way that allows OpenLDAP to apply the hashing algorithm specified in /etc/ldap/slapd.conf, instead of attempting to hash locally and write the result directly into the database.(explanation taken from: http://karmak.org/archive/2003/02/ldap/ldap-linux.htm)
There you go, you have the $6$ salting scheme and someone can convert from /etc/shadow to ldap and vice versa.
Thx a lot to the people of #openldap (especially blingme) and to Jo Shields for finding the needed server attributes.
