You sure you're not returning multiple password attributes from LDAP?Aki
pass_attrs = 'mail=user, userPlaintextPassword=password_noscheme, =proxy=y, =pass=%{ldap:userPlaintextPassword}, =host=%{ldap:mailstoreHost}'
I am returning the same password attribute into different fields : password_noscheme - to auth the user pass = to send plaintext password to backendThis is the only workable solution I could muster to terminate encrypted passwords on the proxy layer.
