Should be able to configure the directory server to only allow simple bind over SSL/TLS connection, to force clear text passwords to be sent only over an encrypted channel.
Is this already covered by the patch that was commited from this discussion on the 389-devel mailing list? http://www.redhat.com/archives/fedora-directory-devel/2009-May/msg00020.html Is there anything else required here?