On 2021-11-07, Ralph Seichter <ra...@ml.seichter.de> wrote: > * Alexander Dalloz: > >> Don't know about Ubuntu specifics [...] > > Thank you for the pointers. Am I right to interpret the Dovecot docs as > stating that SSHA384 is not supported by the official packages, and that > my only recourse might be building from the source code and adding some > external code in the process? > > I do not remember encountering SSHA384 before, but the existing LDAP > records use this schema for about half of a huge user base. Telling all > affected users to change their passwords is not an option.
Assuming that SSHA384 is supported by your LDAP server, you could perhaps use "auth_bind = yes" to have Dovecot attempt a bind with the user-supplied password, rather than having Dovecot retrieve the hashed password and validate it itself.
