with ppolicy overlay loaded (and functioning) the following root DSE
specifilllly line 12 (and maybe line 40).
It's a bit hard to follow line number references in a web page. :-/
But I guess you mean the OIDs coming from draft-vchu-ldap-pwd-policy .=
Note that AFAIK OpenDJ supports old draft-vchu-ldap-pwd-policy which is v=
outdated and not supported by LDAP servers without Netscape roots.
slapo-ppolicy implements draft-behera-ldap-password-policy .
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
does not make pam_ldap to interact with password policies against when
configured in openldap.
Using pam_ldap is NOT recommended nowadays for a bunch of reasons. Use
nss-pam-ldapd, sssd or OpenLDAP's slapo-nssov. AFAIK all of them support
But such usage discussion belong on the openldap-technical mailing list a=
not in the ITS.