using {CRYPT} for rootpw, using SHA512?

I've been messing with trying to get SHA512 password hash formats in
openldap 2.4.39 under a 64-bit CentOS 6 distribution, using the LTB RPMs.

I have read the FAQ at http://www.openldap.org/faq/data/cache/1467.html

- The first entry describes a third-party module; I have been
  using that for years on a 32-bit CentOS 5 platform, using the
  vendor-provided openldap-2.3.43 RPMs.

  My efforts to build that module for 2.4.39 seemed to build clean,
  but efforts to bind as a user with a {SHA512} hashed password cause
  slapd to segfault.

  I didn't try very hard to track that down, as there seem to be
  better supported techniques.

- The third entry describes a slapo-pw-sha2 overlay, but no LTB RPM
  provides the overlay. I tried exactly once to build this overlay,
  but that failed due to a configure failure. I blame me; I'll
  revisit this when I have the time.

However, I had some luck with the second entry, using {CRYPT}.

Following these instructions, I was able to create users, successfully
bind, and even use ldappasswd to change the passwords:

  http://www.openldap.org/lists/openldap-technical/201305/msg00002.html

But, when I generated a hashed password using suggestions like this:

  http://serverfault.com/questions/330069/how-to-create-an-sha-512-hashed-password-for-shadow

  # python -c 'import crypt; print crypt.crypt("test", "$6$random_salt")'
  $6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59zLVYzwshvca5oV0PtU8fAfT4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10

and tried to embed this rootpw in my config file;

  rootpw {CRYPT}$6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59zLVYzwshvca5oV0PtU8fAfT4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10

I would get bind errors.

Have I misunderstood how to use {CRYPT} for storing root's password?

--
Brian Reichert <reichert@numachi.com>
BSD admin/developer at large
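
Added example, not part of the original post: a pure-Python SHA-512 crypt (default 5000 rounds, optional `rounds=` field) for checking a `{CRYPT}$6$...` value against a candidate password independently of slapd and the platform's crypt(3). The function names `sha512_crypt` and `check_crypt_value` are assumptions made for this example.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _fill(block, n):
    """Repeat a 64-byte digest to exactly n bytes."""
    return (block * (n // 64 + 1))[:n]

def sha512_crypt(password, salt, rounds=5000):
    """Return the 86-character hash field of a SHA-512 crypt string."""
    key, salt = password.encode(), salt.encode()[:16]
    b = hashlib.sha512(key + salt + key).digest()
    ctx = hashlib.sha512(key + salt + _fill(b, len(key)))
    n = len(key)
    while n:                       # one update per bit of the key length
        ctx.update(b if n & 1 else key)
        n >>= 1
    a = ctx.digest()
    p = _fill(hashlib.sha512(key * len(key)).digest(), len(key))
    s = _fill(hashlib.sha512(salt * (16 + a[0])).digest(), len(salt))
    for i in range(rounds):        # key-stretching loop
        c = hashlib.sha512(p if i & 1 else a)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(a if i & 1 else p)
        a = c.digest()
    out, (x, y, z) = [], (0, 21, 42)
    for _ in range(21):            # 63 bytes in permuted order, 4 chars each
        w = a[x] << 16 | a[y] << 8 | a[z]
        out += [ITOA64[w >> k & 0x3F] for k in (0, 6, 12, 18)]
        x, y, z = y + 1, z + 1, x + 1
    out += [ITOA64[a[63] & 0x3F], ITOA64[a[63] >> 6]]   # last byte, 2 chars
    return "".join(out)

def check_crypt_value(value, password):
    """True if a '{CRYPT}$6$...' rootpw/userPassword value matches password."""
    if not value.startswith("{CRYPT}$6$"):
        raise ValueError("not a {CRYPT} SHA-512 value")
    fields = value[len("{CRYPT}$6$"):].split("$")
    rounds = 5000
    if fields[0].startswith("rounds="):
        rounds = min(max(int(fields.pop(0)[7:]), 1000), 999999999)
    if len(fields) != 2:
        raise ValueError("expected salt$hash")
    return hmac.compare_digest(sha512_crypt(password, fields[0], rounds), fields[1])
```

Call `check_crypt_value()` with the string exactly as it follows `rootpw` and the candidate password; a `True` result means the stored value itself is a correct SHA-512 crypt of that password.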