How to enable LDAP authentication for schema SSHA384
Stuart Henderson
stu.lists at spacehopper.org
Sun Nov 7 19:49:24 UTC 2021
On 2021-11-07, Ralph Seichter <ralph at ml.seichter.de> wrote:
> * Alexander Dalloz:
>
>> Don't know about Ubuntu specifics [...]
>
> Thank you for the pointers. Am I right to interpret the Dovecot docs as
> stating that SSHA384 is not supported by the official packages, and that
> my only recourse might be building from the source code and adding some
> external code in the process?
>
> I do not remember encountering SSHA384 before, but the existing LDAP
> records use this schema for about half of a huge user base. Telling all
> affected users to change their passwords is not an option.
Assuming that SSHA384 is supported by your LDAP server, you could
perhaps use "auth_bind = yes" to have Dovecot attempt a bind with the
user-supplied password, rather than having Dovecot retrieve the hashed
password and validate it itself.
More information about the dovecot
mailing list