When configuring the OpenLDAP directory connector connection configuration in Crowd, there is a section labeled "password encryption" (which should be re-labeled password hashing btw)...
When one has a directory connection for OpenLDAP how does authn in crowd actually work?
1) Is crowd just doing an LDAP bind against the target directory and letting the ldap server handle the hash comparison internally?
OR
2) is crowd loading the LDAP record's userPassword attribute and doing its own hash and comparison within crowd itself?
I see the "password encryption" available options are DES, MD5, PLAINTEXT, SHA, SSHA. What effect does changing this option affect?
If the authn method is (1) above, why is this even relevant unless crowd is mutating users in the configured LDAP?
Why is the list of options for "password encryption" limited to this set of algorithms. When OpenLDAP supports many more than this. What decides what shows up in this list?
