...
- If a userpassword is set by an LDAP client in plain text, a message digest algorithm should be applied to the value, and the one-way encrypted value should be stored
- the algorithm should be applied if new entries are created or existing entries are modified (hence modify and add operations will be intercepted)
- If the value given by the client is already provided in hashed form, nothing happens, and the given value is stored in the directory without modification
...