I looking to replace RDBMS with openldap as datastore for one of the product. One blocker we have is handling the password migration.


The password is stored in hashed format in RDBMS. However, I am not able to get the password migrated.


My goal is to migrate the data from RDBMS to OpenLDAP but without asking the end user to reset or change their password post the migration.



  1. Do we have any way to intercept the ldap bind verification and put my own logic?
  2. Do we have any way to modify or customize the password hash calculation that is used by opendlap during LDAP bind.
  3. Any other suggestion?