Someone has installed the smbk5pwd module into our ldap system used by our Keycloak instance. They wish to share the ldap service with another system that needs the samba password hash attributes. Unfortunately this means I now need keycloak to perform the ldap v3 password modify extended operation. I've hacked this into our current user federation provider (which apparently extends the in-built ldap one), by having the provider implement `CredentialInputUpdater`, and everything is working within the realms of our tests. What I am interested in, is if there is already usable work out there in having Keycloak use the password modify extended operation? and/or how other people have integrated similar requirements (ldap password modify extended operation, or samba/extra password hashes in ldap) - without extending too much of Keycloak (I was sooo close to removing our custom user federation provider) :p Cheers, Gary