Dear openldap experts,
my problem is that my ubuntu 22.04 systems do not honor password expirations (ppolicy/shadow) and ppolicy password complexities.
I tried to track this down with AI:
* our server does not seem to advertise the OpenLDAP ppolicy control * The ppolicy control OID that SSSD requires (only on Ubuntu, not on RH7) is: 1.3.6.1.4.1.42.2.27.9.5.1
* But your server (OpenlDAP 2.5.19) advertises only these ppolicy‑related controls(?): (ldapsearch -x -H ldap://SERVER -s base -b "" "+") supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8 supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
* When using ldap_pwd_policy = ppolicy in /etc/sssd/sssd.conf, sssd crashes on startup
* this also does not work: ldap_pwd_policy = ppolicy ldap_ppolicy_compat = True
Is this train of thought anywhere close to useful?
Is there another reason why e.g. passwd(1) ignores password settings on Ubuntu 22.04?
Many Thanks and Best Regards, Felix