I thought I could use something like "credentials={SSHA}/iiPJIZ2Srf+O0HqLIypyKYKccx9V6ag" with idassert-bind or acl-bind in configuring an ldap backend in slapd.conf, instead of including the cleartext password. But when I try that I get an "invalid credentials" error from the proxied Active Directory. I've carefully regenerated the hashed value with slappasswd and repasted the new value into my slapd.conf file, so I'm pretty sure that the hash is correct.
Is there a right way to obfuscate passwords that will be sent to a proxied AD server?
Thanks.
Steve