Please post your follow-ups on the mailing list so others can respond and learn as well.
Suneet Shah wrote:
So if create a user and then set the password on an existing user then, the password-hash attribute will work? And I can send the password to OpenLDAP in clear text?
Yes.
Also note the other poster's hint about using slapo-ppolicy and ppolicy_hash_cleartext if you're allowed to configure the server.
I am curious - if the client hashes the password, in my case it would be my java program, how will openldap use that hashed password during authentication?
Wouldnt both (openldap and my java program) need to have the salt used for hashing? And in this case, only my java program would have that salt.
The salt is part of the userPassword value. See more information in OpenLDAP's FAQ-O-MATIC:
http://www.openldap.org/faq/data/cache/419.html
Ciao, Michael.