Roberto's questions

I have an OpenLDAP LDAP server on Debian 9 (through the slapd package, v2.4.44). We use crypt for password authentication. Currently the scheme is SHA512: $5$....
The setup is pretty much as described in this question: How to use SHA-256 hashed (and salted) passwords from OpenLDAP in pam_ldap? (and see https://en.wikipedia.org/wiki/Crypt_(C))

I was thinking I would try to upgrade from SHA512 to bcrypt (blowfish hashes, $2y$...) since they are much harder to crack.

The beauty about the crypt back-end is the scheme is saved in the password itself. So to test bcrypt I can just log into my LDAP browser and change my own password to {CRYPT}$2y$10$...$, using an online tool to produce the hash.

However, if I now try to login with that account, it says my credentials are invalid.

For the record, with the process described I can successfully change the hash to other types and still login. It seems that bcrypt specifically is not recognized, but I expect the option to be there.

So, what else do I need to do to let OpenLDAP work with bcrypt?

(Apologies if I'm asking the wrong kind of question or in the wrong place.)

We run IT for our association (all volunteers). We have got a server with member database in OpenLDAP, mail server, ftp and a bunch of homemade web-applications.

Most of this is fine, except for the OpenLDAP member database. The people who set it up are long gone and the current IT group is not really capable of making changes.

So, I was thinking about moving the member database from OpenLDAP to a MySQL database. This seems possible, our email and FTP server support SQL sources and we can modify our webapps accordingly. But I still can't decide if there is a disadvantage to doing this. Hence my questions:

• What are the advantages of an LDAP over an SQL database? (For simple user database)
• Are there reasons not to use MySQL as a users database?

I couldn't find a comparable question around here. And information I find externally takes me to pages of over 10 years old.