Guillaume.Rousse@inria.fr wrote:

Full_Name: Guillaume Rousse Version: 2.4.11 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.55.250.67)

When using password policy, with pwdCheckQuality set to 1, ppolicy accept to change the password of a user to special values such as {SASL} without complaining.

However, trying to use {K5KEY} instead doesn't work, as it doesn't satisfy quality checking: ldap_modify: Constraint violation (19) additional info: Password fails quality checking policy

This is not a bug; ppolicy quality checking only works when a plaintext password is provided. The fact that you saw "{SASL}" work is probably just a coincidence, i.e., --enable-spasswd is not set by default in configure, so "{SASL}" is just treated as a plaintext string, not a password scheme.