bug in rlm_ldap authorization password handling?