[CentOS] Anyone using pam_ldap ? need clarifications

Fri Dec 8 09:53:43 UTC 2006
kadafax <kadafax at gmail.com>

Hi list,
I'm using a SSH gateway where our users are authenticated against an 
openldap server. It's working great and the users can also change their 
password with the 'passwd' command.
My problem is that recently I've tested our users's password for weak 
entries (with john the ripper) and found that all the password changed 
with 'passwd' and thus pam_ldap where stored in the directory in 
cleartext form instead of SSHA. I have "password-hash {SSHA}" in 
slapd.conf and though that means that SSHA hashes was enforced for all 
stored password. Both servers are Centos 4.4 fully updated and 
everything came from standard repositories.
Is there someone who manage to use pam_ldap and the use of the 'passwd' 
command result in a SSHA hashed's password in the directory?
Thanks,
kfx