I

have tried using ppolicy, but it is not really doing anything.

I can confirm that my policy is being used by flipping the "pwdSafeModify" attribute.

When set to true, users cannot change their password and they get a message saying that they need to send both the old and new password together.

Other than that, none of the other fields seem to have any effect.

Do you have a working example of ppolicy?