How to add already encrypted password to openldap

I finally got it, after a lot of trials.

The sha1 strings I have are so-called hex-digest. To get them into openldap, I first need to convert them back to binary sha1 digest and then base64 encode them.

On the command line one could do that with:

echo -n "sha1-hex-digest" | xxd -r -p | openssl enc -base64

Then the resulting string should be inserted in the ldif file this way:

userPassword: {SHA}base-64-blurb

For those interested, this could be done in Python this way:

import base64
import binascii

sha1_pwd = "your-sha1-hex-digest-here"
ldap_pwd = base64.b64encode(binascii.unhexlify(sha1_pwd)).decode('utf-8')
print("userPassword: {SHA}%s" % ldap_pwd)