I think you need to have a separate container for holding your pwdPolicy. You do not store that information in your user entry.
On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:
User definition
dn: uid=test,ou=orgunit,o=org
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: person
objectClass: pwdPolicy
loginShell: /bin/bash
givenName: test
sn: test-test
displayName: test test-test
uid: test
homeDirectory: /home/test
shadowFlag: 0
shadowMax: 35
shadowWarning: 7
shadowInactive: 99999
shadowExpire: 99999
cn: test test-test
uidNumber: 12190
gidNumber: 25023
shadowMin: 10
pwdAttribute: userPassword
All the stuff below should be put in cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
then you put an entry in your user account as such:
pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
pwdMinAge: 30
pwdMaxAge: 120
pwdInHistory: 3
pwdMinLength: 8
pwdExpireWarning: 60
pwdLockout: TRUE
pwdLockoutDuration: 60
pwdMaxFailure: 2
pwdSafeModify: TRUE
shadowLastChange: 14006
pwdMustChange: FALSE
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
I hope that helps, Scott
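
The split described in this reply, as an added example that is not part of the original thread: a small Python check that flags password-policy settings stored on an account entry and moves them into a separate policy entry. It assumes the pointer attribute pwdPolicySubentry from the LDAP password policy draft that defines pwdPolicy, an illustrative structural class (device) for the policy entry, and hypothetical function names; the sample entry is constructed from the one quoted above.

```python
POLICY_ATTRS = {a.lower() for a in (
    "pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory", "pwdCheckQuality",
    "pwdMinLength", "pwdExpireWarning", "pwdGraceAuthNLimit", "pwdLockout",
    "pwdLockoutDuration", "pwdMaxFailure", "pwdFailureCountInterval",
    "pwdMustChange", "pwdAllowUserChange", "pwdSafeModify")}

# Constructed sample: abbreviated form of the account entry quoted in the message.
SAMPLE = """\
dn: uid=test,ou=orgunit,o=org
objectClass: inetOrgPerson
objectClass: pwdPolicy
uid: test
pwdAttribute: userPassword
pwdMaxAge: 120
pwdLockout: TRUE
pwdMaxFailure: 2
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no line folding or base64) into pairs."""
    pairs = []
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            pairs.append((attr.strip(), value.strip()))
    return pairs

def split_policy(pairs, policy_dn):
    """Return (user_pairs, policy_pairs, findings) for one account entry."""
    user, policy, findings = [], [], []
    for attr, value in pairs:
        if attr.lower() == "objectclass" and value.lower() == "pwdpolicy":
            findings.append("objectClass pwdPolicy on account entry")
        elif attr.lower() in POLICY_ATTRS:
            findings.append(f"policy attribute {attr} on account entry")
            policy.append((attr, value))
        else:
            user.append((attr, value))
    if findings:
        rdn_attr, _, rdn_value = policy_dn.split(",")[0].partition("=")
        # "device" is an assumed structural class; pwdPolicy itself is auxiliary.
        policy = [("dn", policy_dn), ("objectClass", "device"),
                  ("objectClass", "pwdPolicy"), (rdn_attr, rdn_value)] + policy
        user.append(("pwdPolicySubentry", policy_dn))  # assumed pointer attribute
    return user, policy, findings

def to_ldif(pairs):
    return "\n".join(f"{a}: {v}" for a, v in pairs)
```

Printing `to_ldif(policy)` and `to_ldif(user)` gives the two entries to review before loading them into the directory.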