I'm using CentOS 5 with OpenLDAP 2.3, built from SRPMS to get the overlays. The first time I tried to create policies for ppolicy, it complained about the syntax. Google led me in the right direction and I replaced "userPassword" in the LDIF file with the UID, 2.5.4.35. But now the password policies are not working and I get this message in the logs:

send_search_entry: conn 102 access to attribute userPassword, value #0 not allowed

This looks like the error I saw when I tried to use ldapadd on a ppolicy LDIF that contained "userPassword" instead of the UID. What do I need to do differently? Any help or guidance would be appreciated.