diff --git a/en_US/migrations/2-password.hashes.md b/en_US/migrations/2-password.hashes.md index 54b9b70f..f90368c1 100644 --- a/en_US/migrations/2-password.hashes.md +++ b/en_US/migrations/2-password.hashes.md @@ -41,16 +41,24 @@ __NOTES__: * in iRedMail-0.9.0 and later versions: `SSHA512` * in iRedMail-0.8.7 and earlier versions: `salted MD5` -* For LDAP backend: `SSHA`. +* For LDAP backends: + * in iRedMail-0.9.5 and later versions: + * Debian 8, Ubuntu 16.04, FreeBSD: `SSHA512` + * RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: `SSHA`. OpenLDAP package + shipped in these distributions don't support SHA-2 password + verification by default. + * in iRedMail-0.9.4 and earlier versions: `SSHA`. - OpenLDAP's builtin password verification doesn't support SHA-2 password - hash formats directly, so if you have third-party applications which need - OpenLDAP's builtin password verification, you'd better use `SSHA` hash. + !!! note - But if you don't have this concern, it's ok to store `SSHA512/BCRYPT` - hash as mail user password, then set `ldap_bind = no` in - `/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but - Apache basic auth doesn't. + OpenLDAP's builtin password verification doesn't support SHA-2 password + hash formats directly, so if you have third-party applications which need + OpenLDAP's builtin password verification, you'd better use `SSHA` hash. + + If you don't have such concern, it's ok to store `SSHA512/BCRYPT` + hash as mail user password, then set `ldap_bind = no` in + `/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but + Apache basic auth doesn't. ## How to use different password hashes in iRedMail diff --git a/html/password.hashes.html b/html/password.hashes.html index e969d853..97267246 100644 --- a/html/password.hashes.html +++ b/html/password.hashes.html @@ -77,14 +77,27 @@ prepend {CRYPT} prefix in password hash.

  • -

    For LDAP backend: SSHA.

    +

    For LDAP backends:

    + +
    +

    Note

    OpenLDAP's builtin password verification doesn't support SHA-2 password hash formats directly, so if you have third-party applications which need OpenLDAP's builtin password verification, you'd better use SSHA hash.

    -

    But if you don't have this concern, it's ok to store SSHA512/BCRYPT +

    If you don't have such concern, it's ok to store SSHA512/BCRYPT hash as mail user password, then set ldap_bind = no in /etc/dovecot/dovecot.conf. SMTP/IMAP/POP3 services work with it, but Apache basic auth doesn't.

    +
  • How to use different password hashes in iRedMail
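
Review bot: In the en_US/migrations/2-password.hashes.md hunk, the retained note still states without qualification that "OpenLDAP's builtin password verification doesn't support SHA-2 password hash formats directly", which conflicts with the list added just above it. That list makes `SSHA512` the LDAP default on Debian 8, Ubuntu 16.04 and FreeBSD for iRedMail-0.9.5 and later, and limits the lack of SHA-2 verification to RHEL/CentOS 6/7, Ubuntu 14.04 and OpenBSD "by default". Suggest scoping the note to the distributions listed as `SSHA`, so a reader on an `SSHA512`-default platform is not steered back to `SSHA` or to setting `ldap_bind = no` when neither is needed. Two wording points in the same hunk: "OpenLDAP package shipped in these distributions don't support" should be "OpenLDAP packages shipped in these distributions don't support", and "If you don't have such concern" reads better as the removed line's "if you don't have this concern". The same note text is carried into html/password.hashes.html, so any rewording needs to land in both files.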