Not that easy to find out how all the things should be done :) I put in the title that we store passwords in LDAP database hashed by SHA1. According to my knowledge, LDAP won't return the "known good" password. Is that correct?