/* FIXME: there's no easy way to ensure
 * that add does not cause multiple
 * userPassword values; one way (that
 * would be consistent with the single
 * password constraint) would be to turn
 * add into replace); another would be
 * to disallow add.
 *
 * Let's check at least that a single value
 * is being added
 */