If one is considering publishing a password from oracle(a homegrown password
self service)---is it best to:

1. simply map the password attribute in oracle to nspmdistributionpassword(I
am guessing this may not back sync nds)

2. create a notify attribute and simply pass it to a set-dest-password.
Actually this would still create that attribute in clear text in the vault.
So I think I just answered my question and will have to go with #1.