--On Monday, May 29, 2023 1:22 PM -0400 PFiver via SASL <sasl@xxxxxxxxxxxxxxxxxx> wrote:
However, my setup includes an openLDAP instance where I store {SSHA} password. Thus I can not use the "auxprop" plugins. Is there a specific reason why none of the available mechanisms / plugins is supporting this setup?
Generally, I would say that since SASL is for SASL mechanisms, that would be why. With LDAP, a simple bind makes use of the userPassword attribute and it doesn't matter what hashing mechanism is used underneath. SSHA is very insecure at this point and we in the OpenLDAP project strongly advise against using it. With the current supported OpenLDAP release series, we recommend using the argon2 support that's now available.
Are you not able to configure direct LDAP simple binds for your software? Regards, Quanah ------------------------------------------ Cyrus: SASL Permalink: https://cyrus.topicbox.com/groups/sasl/T944af1261400714f-M28e3465f89af044e8cafb053 Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription