So you're storing all of your info in ldap and all of those services you listed are attempting to bind to LDAP and authenticate using userPassword correct? I don't think it matters how you store your passwords in LDAP, clients simply send a password to LDAP and LDAP says "It's good," or "It's bad." You should have no problem migrating to the salted SHA.
If you really want to be certain, just change one or two accounts to SSHA and see if you can do everything.
I use OpenLDAP 2.4.11 with all SSHA passwords (for the accounts that do use userPassword - most stuff is Kerberos), and have had no problems. I use LDAP as my kerb backend, I use it for NSS, dovecot, and postfix. I don't use Samba, and I don't use any of those LDAP GUI's you mentioned. (I use ldapvi a lot, and also Apache Directory Studio for a lot of things).
|