otppin=userstore for OpenLDAP userstore

Currently I am testing PrivacyIDEA authentication. In PrivacyIDEA, I have setup an LDAP resolver pointing to an OpenLDAP server and enrolled a HOTP token for a test user. When I set up the otppin policy to “none” or “tokenpin” the authentication is successful, no issues. But when it is set to “userstore”, I enter my OTP as the following: (LDAP password + OTP), the authentication fails. I did read a similar post about this issue (Login with userstore password), the only difference is that in that post they are using an SQL resolver.

My question is, does this function only work with userPassword attributes hashed with specific algorithms only? or am I misunderstanding how PrivacyIdea authenticates the LDAP password provided by the user?

privacyIDEA verifies the user password the way you configure it in the LDAP resolver.
This can be simple or very complex. See 5.1. UserIdResolvers — privacyIDEA 3.10dev1 documentation

Depending on LDAP server configuration this can also work or not work.