Implement password operation checks and key material generation for the
ldap add and modify operation performed on the userPassword attribute.
Add helper functions to reduce code duplication.
Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-send you the same password previously exposed)