>> passwordStorageScheme: SSHA512
>> But if passwords are already in PBKDF2, then you will have to reset those
>> passwords. There is no undoing it without a full reset of the password at this time.
> Yes, that's what the docs say, but a simple bind seems to be enough for me. I
> tested this and actually I could go back and forth between storage schemes using a simple
In newer versions we do have an "update password on bind", but I didn't
think it was in that version and I wasn't sure if it downgraded schemes. I guess it
It "updates" to the current default scheme, which if you haven't defined
will be PBKDF2, so for most sites it's an "upgrade". But as you note, if you
override this and set your own scheme, on bind, yes it will "downgrade" to the
type you need. IIRC there is actually a test for that exact use case in the integration
test suites ...
> I am very happy with 389ds, it's saved my ass...
Great, we really appreciate that!
Awesome! If you have more questions we'd love to hear them :)
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
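
Added example, not part of the thread and not 389 Directory Server code: a minimal model of the rehash-on-bind behaviour discussed above, showing why a successful simple bind can move a stored hash in either direction (the server holds the cleartext only at that moment). The function names, the `entry` dict and the PBKDF2 text layout are assumptions made for illustration; the server's on-disk PBKDF2 format differs.

```python
import base64, hashlib, hmac, os

def _b64(raw):
    return base64.b64encode(raw).decode()

def hash_ssha512(password):
    # Salted SHA-512: base64(digest || salt)
    salt = os.urandom(8)
    return "{SSHA512}" + _b64(hashlib.sha512(password + salt).digest() + salt)

def hash_pbkdf2(password, iterations=10000):
    # Simplified text layout (assumption), not the server's binary format
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return "{PBKDF2_SHA256}%d$%s$%s" % (iterations, _b64(salt), _b64(dk))

HASHERS = {"SSHA512": hash_ssha512, "PBKDF2_SHA256": hash_pbkdf2}

def scheme_of(stored):
    return stored[1:stored.index("}")]

def verify(password, stored):
    scheme, body = scheme_of(stored), stored[stored.index("}") + 1:]
    if scheme == "SSHA512":
        raw = base64.b64decode(body)
        digest, salt = raw[:64], raw[64:]  # SHA-512 digest is 64 bytes
        return hmac.compare_digest(hashlib.sha512(password + salt).digest(), digest)
    if scheme == "PBKDF2_SHA256":
        iterations, salt, dk = body.split("$")
        calc = hashlib.pbkdf2_hmac("sha256", password,
                                   base64.b64decode(salt), int(iterations))
        return hmac.compare_digest(calc, base64.b64decode(dk))
    return False

def bind(entry, password, configured_scheme):
    """Simple bind: verify, then rehash to the configured scheme if it differs."""
    if not verify(password, entry["userPassword"]):
        return False  # a failed bind never rewrites the stored hash
    if scheme_of(entry["userPassword"]) != configured_scheme:
        entry["userPassword"] = HASHERS[configured_scheme](password)
    return True

if __name__ == "__main__":
    entry = {"userPassword": hash_pbkdf2(b"constructed-sample-pw")}
    bind(entry, b"constructed-sample-pw", "SSHA512")
    print(scheme_of(entry["userPassword"]))
```

Accounts that never bind keep their old hash, so an audit of stored scheme prefixes shows how far a migration has actually progressed.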