Hi btb, and anyone else interested,
It's been a while, but I finally dusted this off and had a go at getting the second half done. If you're able to bang on this a bit in a test environment and let me know about any bugs that fall out, I'd be grateful. Still going to do a bit of cleanup and more testing before I send it to the ITS.

ITS#8079 (already in RE24):
ftp://ftp.openldap.org/incoming/20150313_rtandy_nssov-fix-compare-for-usergroup.patch

ITS#8080 (under review, subject to change):
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-require-old-password-unless-pwdmgr.patch
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-only-allow-root-to-become-pwdmgr.patch
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-allow-user-pwmod-without-pwdmgr-configured.patch

updates for nss-pam-ldapd 0.9.x:
ftp://ftp.openldap.org/incoming/20150317_rtandy_WIP_nssov-update-nss-pam-ldapd-files-to-0.9.4.patch
ftp://ftp.openldap.org/incoming/20150317_rtandy_WIP_nssov-update-to-protocol-version-2.patch

thanks, Ryan