I have an openldap with ppolicy on SSHA-512. When clear text password is sent from client, the password will be stored as SSHA-512, fine.
My problem appears, once already hashed password is send e.g SHA, SSHA, or even SSHA-512, the hashed value is hashed again, on SSHA-512.
I have configured my ppolicy with: olcPPolicyHashCleartext: TRUE
Isn't openldap ppolicy supposed to distinguish between above cases and trigger only when clear text is sent?