diff --git a/moulinette/authenticators/ldap.py b/moulinette/authenticators/ldap.py
index 57ba27b7..2812e1c2 100644
--- a/moulinette/authenticators/ldap.py
+++ b/moulinette/authenticators/ldap.py
@@ -104,7 +104,7 @@ class Authenticator(BaseAuthenticator):
             return
 
         # we aren't using sha-512 but something else that is weaker, proceed to upgrade
-        if not hashed_password["userPassword"][0].startswith("{CRYPT}$6$"):
+        if not hashed_password["userPassword"][0].startswith(b"{CRYPT}$6$"):
             self.update("cn=admin", {
                 "userPassword": _hash_user_password(password),
             })