Setup: OpenLDAP 2.4 on SUSE SLES11, chaining (read only) to an AD directory

I've set up a simple default pwd policy and configured it in slapd.conf:

- Included the schema /etc/openldap/schema/ppolicy.schema

- Under my db configuration added the entries
overlay ppolicy
ppolicy_default         "cn=default,ou=pwpolicies,dc=niwa,dc=local"

- The policy is simply:
dn: cn=default,ou=pwpolicies,dc=example,dc=com
cn: default
…..
pwdMinLength: 8
pwdAllowUserChange: TRUE

But when I run tests with too short a password the password still gets changed. No error messages.
One thing I am confused about is that the documentation says to include the moduleload directive in slapd.conf, but I can't find any modules; the directory where they are supposed to be is empty. slapd -VVV indicates that it includes the static overlay.

Any help is highly appreciated, I am quite a newbie at this.
Gaby



-- 
Dr Gabriella Turek
Sr. Software Engineer, Systems Development Team
NIWA Auckland, New Zealand
Tel: +64 9 3754645
www.niwa.co.nz
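
Added example, not part of the original message and not OpenLDAP's own code: a small lint over the two fragments quoted above, checking conditions documented for slapo-ppolicy under which pwdMinLength has no effect (pwdCheckQuality absent or 0, no pwdAttribute, ppolicy_default naming a different DN). The function names and sample strings are assumptions constructed from the post, with its elided lines left out, so the findings reflect only what was quoted.

```python
import re

# Constructed sample: the two fragments quoted in the post, elided lines omitted.
SLAPD_CONF = '''
overlay ppolicy
ppolicy_default         "cn=default,ou=pwpolicies,dc=niwa,dc=local"
'''
POLICY_LDIF = '''
dn: cn=default,ou=pwpolicies,dc=example,dc=com
cn: default
pwdMinLength: 8
pwdAllowUserChange: TRUE
'''

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so DNs can be compared."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"')).lower()

def parse_ldif_entry(text):
    """Return {attr_lower: [values]} for one unfolded, non-base64 LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith(("#", " ")):
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def lint_ppolicy(conf, ldif):
    """List reasons the overlay would not enforce pwdMinLength from this policy."""
    findings = []
    entry = parse_ldif_entry(ldif)
    if not re.search(r"^\s*overlay\s+ppolicy\b", conf, re.M):
        findings.append("overlay ppolicy is not configured")
    m = re.search(r"^\s*ppolicy_default\s+(.+)$", conf, re.M)
    if not m:
        findings.append("no ppolicy_default set")
    elif norm_dn(m.group(1)) != norm_dn(entry.get("dn", [""])[0]):
        findings.append("ppolicy_default DN differs from the policy entry DN")
    if "userpassword" not in [v.lower() for v in entry.get("pwdattribute", [])]:
        findings.append("pwdAttribute: userPassword missing")
    # Quality checking is off unless pwdCheckQuality is 1 or 2.
    quality = entry.get("pwdcheckquality", ["0"])[0]
    if "pwdminlength" in entry and quality not in ("1", "2"):
        findings.append("pwdCheckQuality absent or 0: pwdMinLength not checked")
    return findings

if __name__ == "__main__":
    for finding in lint_ppolicy(SLAPD_CONF, POLICY_LDIF):
        print("WARN:", finding)
```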