robert.brooks@reporo.com wrote:

Full_Name: Robert Brooks Version: openldap-2.4.41 OS: Ubuntu 14.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (38.99.38.134)

Hi,

with ppolicy overlay loaded (and functioning) the following root DSE is:

I believe this is why the following pam_ldap config:

# Search the root DSE for the password policy (works # with Netscape Directory Server) pam_lookup_policy yes

does not make pam_ldap to interact with password policies against when configured in openldap.

No. That controls compatibility with the obsolete/non-standard Netscape-specific password policy attributes.

But pam_ldap itself is also obsolete. Pretty sure Ubuntu ships with nslcd and nss-pam-ldapd now.