My mistake.  I've had password policies on my mind so much lately, that I have been mostly focusing on the password strength portion of it, which I realize is not part of ppolicy itself.

I'm going through each attribute right now to do a thorough test of what is working and / or not working.

Server is openldap 2.4.23



Thanks,
Dan


On Wed, Apr 10, 2013 at 9:14 AM, Clément OUDOT <clem.oudot@gmail.com> wrote:


2013/4/10 D C <dc12078@gmail.com>
I
have tried using ppolicy, but it is not really doing anything.
I can confirm that my policy is being used by flipping the "pwdSafeModify" attribute.

When set to true, users cannot change their password and they get a message saying that they need to send both the old and new password together.

Other than that, none of the other fields seem to have any effect.

Do you have a working example of ppolicy?

Are you sure your are not using the root account (rootdn) to change the password?

What version of OpenLDAP are you using?

Clément.