Say, you have a user with a normal password attribute, userPassword, and an apllication-password attribute, appPassword, that are not the same and also have a different hash-scheme.
In OpenLDAP, you can define password policies with ObjectClass pwdPolicy.
There, there is an attribute pwdAttribute where you can specify for which attribute the policy is used for. So, for my example, you could define a policy for userPassword and one for appPassword.
First: Is that right?
Second: If so, is something like this also possible for 389-ds?
