come@opensides.be wrote:

I'm not sure I understand the outcome of the discussion here, why i s 1.3.6.1.4.1.42.2.27.8.5.1 absent from the supportedControl returned by the rootDSE? (1.3.6.1.4.1.42.2.27.8.5.1 being LDAP_CONTROL_PASSWORDPOLICYREQUEST) This prevents client to know that the server supports ppolicy.

Frankly I can't imagine how to make it more clear than I already did. Please re-read my follow-up here:

https://www.openldap.org/its/index.cgi?findid=8208#followup2

Especially note that the original poster did *not* mention OID 1.3.6.1.4.1.42.2.27.8.5.1 to be missing. (It's present in all my OpenLDAP servers.) The original poster asked for another outdated password policy mechanism.

Ciao, Michael.