Just to add to this:
Passwords that I want to move to LDAP were created in 4.6.3
using:
set salt [sec_random_token]
set hashed_password [ns_sha1 "$password$salt"]
db_transaction {
set user_id [db_exec_plsql user_insert {
begin
:1 := acs.add_user(user_id => :user_id,
email => :email,
url => :url,
first_names => :first_names,
last_name => :last_name,
password => :hashed_password,
salt => :salt,
NEW LDAP/OACS is based on 5.2