Using PHP, is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, I need to use an Extended Operation instead and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere on the web. Maybe I'm just losing my Google-fu. TIA
LDAP clients must never transmit pre-encoded passwords to the directory server - passwords must always be transmitted in the clear over a secure connection because modern, professional-quality directory servers can perform password quality checks and password history checks only when presented with a clear-text password.
If PHP supports extended operations and extended responses, then the password modify extended operation (which requires the existing password and can generate a password if no new password is supplied) is supported. I am no PHP expert, but I believe that set_option can be used for controls (which are attached to an operation), but I do not know if PHP supports LDAP extended operations.
If you're handling the encryption of the password on your side, then yes you can hash it to what encryption method you want.
For MD5: $pass_ldap = '{MD5}' . base64_encode(pack('H*', md5($pass)));
For SHA-1: $pass_ldap = '{SHA}' . base64_encode(pack('H*', sha1($pass)));
You would then use ldap_modify to update an existing user's password or ldap_add to add a new user with the encrypted password.
I have done this and I think the LDAP server uses the "{}" value to determine what format is being used.
Just for anyone stumbling across this question: In PHP > 7.0, it is indeed possible to perform an LDAP Extended Operation. For general info about ExOps in PHP see the PHP reference.
There is also a function specifically for the password change operation (also taken from the PHP reference):
Where $ds is an LDAP link identifier, returned by ldap_connect().
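The following is an added example, not code from any of the answers above or from the PHP manual: it performs the RFC 3062 Password Modify extended operation with PHP's ldap_exop_passwd() (available since PHP 7.2), so the directory applies its own hashing scheme and password policy instead of the client sending a pre-hashed {SHA} or {MD5} value as in the earlier answer. It first confirms the server advertises the operation in its root DSE, and it refuses to send the clear-text password without TLS. The server URI, bind credentials and DNs are placeholders; the small BER helper only makes the wire format of the request visible and is not required when using ldap_exop_passwd().

```php
<?php
// Added example (not from the original answers). Assumes an LDAP server reachable at
// the placeholder URI below and a bind identity allowed to change the target entry's
// password. Requires PHP >= 7.2 with the ldap extension.
declare(strict_types=1);

// OID of the Password Modify extended operation (RFC 3062). PHP also exposes it as
// the constant LDAP_EXOP_MODIFY_PASSWD.
const PASSWD_MODIFY_OID = '1.3.6.1.4.1.4203.1.11.1';

// BER definite-length encoding (short and long form).
function berLength(int $len): string {
    if ($len < 0x80) {
        return chr($len);
    }
    $bytes = ltrim(pack('N', $len), "\0");
    return chr(0x80 | strlen($bytes)) . $bytes;
}

// PasswdModifyRequestValue ::= SEQUENCE {
//   userIdentity [0] OCTET STRING OPTIONAL,
//   oldPasswd    [1] OCTET STRING OPTIONAL,
//   newPasswd    [2] OCTET STRING OPTIONAL }
// Shown for illustration; this is what ldap_exop_passwd() builds for you and what you
// would hand to ldap_exop($ds, PASSWD_MODIFY_OID, $value) on the generic path.
function passwdModifyRequestValue(?string $user, ?string $old, ?string $new): string {
    $body = '';
    foreach ([0x80 => $user, 0x81 => $old, 0x82 => $new] as $tag => $val) {
        if ($val !== null) {
            $body .= chr($tag) . berLength(strlen($val)) . $val;
        }
    }
    return "\x30" . berLength(strlen($body)) . $body;
}

// Read the root DSE and check that the server advertises the extended operation.
function serverSupportsPasswdModify($ds): bool {
    $sr = ldap_read($ds, '', '(objectClass=*)', ['supportedExtension']);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($ds, $sr);
    $oids = $entries[0]['supportedextension'] ?? [];
    unset($oids['count']);
    return in_array(PASSWD_MODIFY_OID, $oids, true);
}

/**
 * Change (or have the server generate) a password for $userDn.
 * Returns true on success, or the generated password when $new is ''.
 */
function changePassword(string $uri, string $bindDn, string $bindPw,
                        string $userDn, string $old, string $new) {
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('malformed LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // The operation carries the clear-text password: insist on LDAPS or StartTLS.
    if (strncmp($uri, 'ldaps://', 8) !== 0 && !ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    if (!ldap_bind($ds, $bindDn, $bindPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ds));
    }
    if (!serverSupportsPasswdModify($ds)) {
        throw new RuntimeException('server does not advertise ' . PASSWD_MODIFY_OID);
    }

    // Supplying the old password lets the directory verify it before the change;
    // an empty new password asks the directory to generate one and return it.
    $result = ldap_exop_passwd($ds, $userDn, $old, $new);
    if ($result === false) {
        throw new RuntimeException('password modify failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
    return $result;
}

// Usage with placeholder values (assumed, not from the original question):
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $ok = changePassword(
        'ldaps://ldap.example.com',
        'cn=pwadmin,dc=example,dc=com', getenv('LDAP_ADMIN_PW') ?: '',
        'uid=alice,ou=people,dc=example,dc=com',
        getenv('OLD_PW') ?: '', getenv('NEW_PW') ?: ''
    );
    echo $ok === true ? "password changed\n" : "generated password: {$ok}\n";
}
```

Passing the old password in the request (rather than only binding as an administrator) makes the directory check the current credential and apply its history and quality rules, which is the point the first answer makes about why the server, not the client, should see the clear-text value.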