Hi,
I am attempting to have SSSD do logins to my OpenLDAP 2.6.3 installation; however, I get "permission denied" when trying to log in because SSSD is asking for a password policy, which the server does not appear to have by default. Notably, we don't really care what "policy" the server will claim to have, because password authentication is delegated via SASL to another server which ensures strong passwords. So I just need something that will "get past" whatever checks SSSD is doing. What LDIF config can I add to my configuration to allow SSSD to let users log in properly?
The error from `journalctl -u slapd` is shown below:
```
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 fd=11 ACCEPT from IP=10.8.8.202:41516 (IP=0.0.0.0:389)
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SRCH attr=* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=0 SEARCH RESULT tag=101 err=0 qtime=0.000020 etime=0.000271 nentries=1 text=
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 BIND dn="cn=admin,dc=clab,dc=lab" method=128
Nov 01 18:16:58 ldapserver00 slapd[105481]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 BIND dn="cn=admin,dc=clab,dc=lab" mech=SIMPLE bind_ssf=0 ssf=0
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=1 RESULT tag=97 err=0 qtime=0.000028 etime=0.000136 text=
Nov 01 18:16:58 ldapserver00 slapd[105481]: get_filter: conn 2239 unknown attribute type=sudoHost (17)
Nov 01 18:16:58 ldapserver00 slapd[105481]: get_ssa: conn 2239 unknown attribute type=sudoHost (17)
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SRCH base="ou=users,dc=clab,dc=lab" scope=2 deref=0 filter="(&(?objectClass=sudoRole)(|(&(!(?sudoHost=*))(cn=de>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SRCH attr=objectClass objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAs>
Nov 01 18:16:58 ldapserver00 slapd[105481]: conn=2239 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000326 nentries=0 text=
```
TIA!
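
An added example, not part of the original post: a small triage script for slapd log lines like those above. It lists, per connection and operation, the bind DN, the result code, and any control slapd did not recognize, plus the attribute types slapd did not know. The function and variable names are hypothetical, and the OID label comes from draft-behera-ldap-password-policy.

```python
import re

# OID of the password policy request control (draft-behera-ldap-password-policy).
KNOWN_CONTROLS = {"1.3.6.1.4.1.42.2.27.8.5.1": "password policy request"}

# Constructed sample: lines copied from the log in the post, syslog prefix dropped.
SAMPLE = """\
conn=2239 op=1 BIND dn="cn=admin,dc=clab,dc=lab" method=128
slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
conn=2239 op=1 BIND dn="cn=admin,dc=clab,dc=lab" mech=SIMPLE bind_ssf=0 ssf=0
conn=2239 op=1 RESULT tag=97 err=0 qtime=0.000028 etime=0.000136 text=
get_filter: conn 2239 unknown attribute type=sudoHost (17)
conn=2239 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000326 nentries=0 text=
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND_DN = re.compile(r'BIND dn="([^"]*)"')
RESULT = re.compile(r"RESULT tag=\d+ err=(\d+)")
CONTROL = re.compile(r"unrecognized control: ([\d.]+)")
ATTR = re.compile(r"unknown attribute type=(\S+)")


def triage(text):
    """Return (ops, unknown_attrs); ops maps (conn, op) to dn, err and controls."""
    ops, unknown_attrs, current = {}, set(), None
    for line in text.splitlines():
        if m := OP.search(line):
            current = ops.setdefault((int(m[1]), int(m[2])),
                                     {"dn": None, "err": None, "controls": []})
            if b := BIND_DN.search(m[3]):
                current["dn"] = b[1]
            if r := RESULT.search(m[3]):
                current["err"] = int(r[1])
        elif (c := CONTROL.search(line)) and current is not None:
            # This message carries no conn id, so it is attributed to the
            # operation logged just before it (a heuristic on busy servers).
            current["controls"].append((c[1], KNOWN_CONTROLS.get(c[1], "unknown")))
        elif a := ATTR.search(line):
            unknown_attrs.add(a[1])
    return ops, unknown_attrs


if __name__ == "__main__":
    ops, attrs = triage(SAMPLE)
    for (conn, op), info in sorted(ops.items()):
        print(conn, op, info)
    print("unknown attribute types:", sorted(attrs))
```
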