using ppolicy and a Default User Policy, along with ppm, I achieve the ability to control password length, password history, and complexity in as much as I can regulate that users must include numbers/special characters/letters (upper and lower case).  However, what I can't find a way to add to this is to have the gecos field be checked against the password being submitted during a change to verify that a users userid and/or first or last names aren't part of the password.  Is this possible in openldap? --- Regards, Kevin Martin