My mistake. I've had password policies on my mind so much lately, that I have been mostly focusing on the password strength portion of it, which I realize is not part of ppolicy itself.
I'm going through each attribute right now to do a thorough test of what is working and / or not working.
Server is openldap 2.4.23
Thanks, Dan
On Wed, Apr 10, 2013 at 9:14 AM, Clément OUDOT clem.oudot@gmail.com wrote:
2013/4/10 D C dc12078@gmail.com
I have tried using ppolicy, but it is not really doing anything. I can confirm that my policy is being used by flipping the "pwdSafeModify" attribute.
When set to true, users cannot change their password and they get a message saying that they need to send both the old and new password together.
Other than that, none of the other fields seem to have any effect.
Do you have a working example of ppolicy?
Are you sure your are not using the root account (rootdn) to change the password?
What version of OpenLDAP are you using?
Clément.