The PingDirectory server does not store passwords in the clear.
Whenever a password is set through an add operation, a modify operation, or a password modify extended operation, and when clear-text passwords are included in entries imported from LDIF, the server uses a component called a password storage scheme to encode that password. Whenever a client attempts a password-based bind, the password storage scheme determines whether the password included in the bind request matches one stored in the user’s entry.
The server allows users to authenticate with passwords encoded using any scheme
that the server supports. However, when storing new passwords, it uses the
default-password-storage-scheme
property in the password policy
configuration to determine which scheme to use when encoding that password. Although it
is technically possible to have multiple default schemes enabled simultaneously within
the same password policy, only enable one scheme at a time unless you need to
synchronize encoded passwords to multiple different systems that require different
encodings.