...
- The default hash algorithm MD5 is considered weak.
- Exception handling is poor. E.g. is if someone configures an unsupported hash algorithm, the interceptor fails to create an appropriate LDAP error.
- If a multivalued password attribute is used, the interceptor will simply ignore that fact (does not apply to userPassword as of RFC 2256).
Further reading
Learn more about interceptors in ApacheDS Architecture Documentation, check out the source code of some implementations of the Interceptor interface, and/or read the javadoc comments.