It is not that simple. RFC-2307 describes hashing schemes, but not {CLEARTEXT), man slapd.conf(5) mentions {CLEARTEXT} as password-hash. http://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html only refers to hashed userpassword values. DIGEST-MD5 is a SASL mechanism which requires a cleartext password, thus a hashing scheme of {CLEARTEXT} is valid for a SASL mechanism.
I consider this a bug.
{CLEARTEXT} was introduced as a means for configuring the server for userPassword values with no hash scheme (e.g., cleartext), it's not expected to appear in userPassword.
-- Kurt
|