[sk5t]

If you're really married to the idea of "keep different hash-functions of the password ( ldap supports this)" then I think you are going to have a tough time without really digging into candidate products' customization hooks or considering some manner of virtual directory. IME maintaining multiple password hashes is not at all a common LDAP server feature. Many products will stand in your way of exporting password hashes (just try and wrest this info from Active Directory or Auth0) and you may not be able to control the hash algorithm besides.