How to enable LDAP authentication for schema SSHA384

Stuart Henderson stu.lists at
Sun Nov 7 19:49:24 UTC 2021

On 2021-11-07, Ralph Seichter <ralph at> wrote:
> * Alexander Dalloz:
>> Don't know about Ubuntu specifics [...]
> Thank you for the pointers. Am I right to interpret the Dovecot docs as
> stating that SSHA384 is not supported by the official packages, and that
> my only recourse might be building from the source code and adding some
> external code in the process?
> I do not remember encountering SSHA384 before, but the existing LDAP
> records use this schema for about half of a huge user base. Telling all
> affected users to change their passwords is not an option.

Assuming that SSHA384 is supported by your LDAP server, you could
perhaps use "auth_bind = yes" to have Dovecot attempt a bind with the
user-supplied password, rather than having Dovecot retrieve the hashed
password and validate it itself.

More information about the dovecot mailing list