https://bugs.openldap.org/show_bug.cgi?id=9656
--- Comment #5 from David Coutadeur david.coutadeur@gmail.com ---
"If for some reasons, any parameter is not found, it will be given its default value."
this is true for ppm parameters, not for password policy parameters. Especially, pwdCheckModule does not have default values.
when using ppm.so in OpenLDAP 2.4 the ppm.so,while included in the schema, didn't need the fully qualified pathname (I assume that the path was handled via the modulepath statement in the slapd.conf) and I don't know that that particular change is documented anywhere particularly succinctly.
I don't think ppolicy can guess any extension path... Neither in 2.4 nor in 2.5.
Either 1). slapd shouldn't start if these parameters are requirements when using ppolicy
These parameters can evolve while OpenLDAP is running. As I explained before, it is the responsability of the admin to ensure the pwdCheckModule parameter is set accordingly.
2). slapd shouldn't crash and should give a warning that default values are being used and one should verify if those defaults are valid or simply warn that ppolicy won't be used as necessary settings have not been populated.
slapd can't know any requirement about a given extended module.