man slapo-ppolicy, option ppolicy_hash_cleartext, says:
"It is recommended that when this option is used that compare,
search, and read access be denied to all directory users."
Huh?
It would make sense to me if it said "...when this option is *not*
used ... read access *to userPassword* be denied..."
Except that read access to userPassword should normally be denied
in any case, whether it is hashed or not.
--
Hallvard