Implement password operation checks and key material generation for the
    ldap add and modify operation performed on the userPassword attribute.
    
    Add helper functions to reduce code duplication.
    
    Do not enforce encrypted connections on ldap add/ldap mod for compatibility
    reasons. (We cannot enforce people not to send the password in the clear
    anyway, we can only refuse to accept it at the most which does not gain
    you much if someone then re-send you the same password previously exposed)