Jeroen van Aart writes:
I know about the password policy. It's a bit problematic to implement into the existing system. The main issue I remember is that I wanted to implement the policy for select groups, ou=People for example, but NOT ou=FTPusers or ou=Virtual since those accounts can't readily change the password. I couldn't find a way to do that.
For that particular problem, if by "groups" you mean LDAP subtrees: You can put ou=People in a separate database in slapd.conf and mark it as "subordinate" of its parent database so they'll be glued together and act as one database. Though since you mention synchronisation, there were or are some bugs with combining syncrepl with the glue overlay which "subordinate" makes use of. The latest 2.4.* releases including the upcoming 2.4.10 have a number of syncrepl fixes.
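
The layout suggested in the reply, as an added slapd.conf example that is not part of the original thread: ou=People sits in its own subordinate database carrying the ppolicy overlay, while ou=FTPusers and ou=Virtual remain in the parent database without it. The dc=example,dc=com suffix, the hdb backend, the file paths and the policy DN are assumptions made for illustration.

```conf
# Added example; suffix, backend type, paths and policy DN are constructed.
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/ppolicy.schema

# Only needed when ppolicy is built as a dynamic module.
moduleload  ppolicy.la

# Subordinate database: holds only the ou=People subtree.
# It is listed before its parent because slapd matches suffixes in
# file order, so the more specific suffix has to come first.
database    hdb
suffix      "ou=People,dc=example,dc=com"
subordinate
directory   /var/lib/ldap/people
index       objectClass eq

# The overlay is attached to this database only, so password policy
# is applied to entries under ou=People and nowhere else.
overlay     ppolicy
ppolicy_default "cn=pwpolicy,ou=People,dc=example,dc=com"

# Parent database: ou=FTPusers and ou=Virtual live here.
# No ppolicy overlay is configured, so these accounts are not subject to it.
database    hdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap/main
index       objectClass eq
```

Existing ou=People entries have to be moved into the new database (for example with slapcat and slapadd) before clients will see them under the glued tree.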