Re: LDAP authentication without saslauthd

--On Monday, May 29, 2023 1:22 PM -0400 PFiver via SASL <sasl@xxxxxxxxxxxxxxxxxx> wrote:

However, my setup includes an OpenLDAP instance where I store {SSHA}
passwords. Thus I cannot use the "auxprop" plugins.


Is there a specific reason why none of the available mechanisms / plugins
is supporting this setup?

Generally, I would say that since SASL is for SASL mechanisms, that would be why. With LDAP, a simple bind makes use of the userPassword attribute and it doesn't matter what hashing mechanism is used underneath. SSHA is very insecure at this point and we in the OpenLDAP project strongly advise against using it. With the current supported OpenLDAP release series, we recommend using the argon2 support that's now available.

Are you not able to configure direct LDAP simple binds for your software?

Regards,
Quanah

------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/T944af1261400714f-M28e3465f89af044e8cafb053
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
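
As an added example (not part of the original message, and not OpenLDAP or Cyrus SASL code), the sketch below audits an LDIF export for userPassword hashing schemes and shows how a {SSHA} value is checked, which is why the reply calls it weak: a single salted SHA-1 pass. The policy set, function names and sample entries are assumptions constructed for illustration; the {ARGON2} value is a placeholder, not a real hash.

```python
import base64
import hashlib
import hmac
import re

RECOMMENDED = {"ARGON2"}  # assumed policy, following the advice in the reply

def scheme_of(attr_line: str) -> str:
    """Scheme of one userPassword line; '::' marks a base64-encoded LDIF value."""
    sep, raw = re.match(r"\w+(::?)\s*(.*)", attr_line).groups()
    value = base64.b64decode(raw).decode() if sep == "::" else raw
    m = re.match(r"\{([^}]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"

def verify_ssha(value: str, password: bytes) -> bool:
    """{SSHA} is base64(SHA1(password + salt) + salt): one SHA-1 pass, no work factor."""
    blob = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password + salt).digest())

def audit(ldif: str) -> list:
    """Return (dn, scheme, acceptable) for every userPassword value in the LDIF."""
    findings, dn = [], None
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            scheme = scheme_of(line)
            findings.append((dn, scheme, scheme in RECOMMENDED))
    return findings

# Constructed sample data, not taken from the thread.
SALT = b"\x01\x02\x03\x04"
SSHA_VALUE = "{SSHA}" + base64.b64encode(
    hashlib.sha1(b"example-pw" + SALT).digest() + SALT).decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword:: " + base64.b64encode(SSHA_VALUE.encode()).decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    "userPassword: {ARGON2}$argon2id$v=19$m=65536,t=2,p=1$c2FsdA$placeholder",
])

if __name__ == "__main__":
    for dn, scheme, ok in audit(SAMPLE_LDIF):
        print("ok  " if ok else "WEAK", scheme, dn)
```

Entries flagged as not acceptable can only be rehashed when the user next supplies the cleartext password, for example on a successful simple bind or a password change.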



