Setup: OpenLDAP 2.4 SUSE SLES11, chaining (read only) to an AD directory
I've set up a simple default pwd policy and configured it in slapd.conf:
- Included the schema /etc/openldap/schema/ppolicy.schema
- Under my db configuration added the entries overlay ppolicy ppolicy_default "cn=default,ou=pwpolicies,dc=niwa,dc=local"
- The policy is simply:
dn: cn=default,ou=pwpolicies,dc=example,dc=com
cn: default
…..
pwdMinLength: 8
pwdAllowUserChange: TRUE
But when I run tests with too short a password the password still gets changed. No error messages. One thing I am confused about is that the documentation says to include the moduleload directive in slapd.conf but I can't find any modules; the directory where they are supposed to be is empty. slapd -VVV indicates that it includes the static overlay.
Any help is highly appreciated, I am quite a newbie at this. Gaby
-- Dr Gabriella Turek Sr. Software Engineer, Systems Development Team NIWA Auckland, New Zealand Tel: +64 9 3754645 www.niwa.co.nz NIWA - Enhancing the benefit of New Zealand’s natural resources. -- Please consider the environment before printing this email. NIWA is the trading name of the National Institute of Water & Atmospheric Research Ltd.
Gabriella Turek wrote:
Setup: OpenLDAP 2.4 SUSE SLES11, chaining (read only) to an AD directory
- Under my db configuration added the entries
overlay ppolicy ppolicy_default "cn=default,ou=pwpolicies,dc=niwa,dc=local"
Which password do you expect to be checked? How do you set the password?
Note that MS AD has indeed a separate attribute 'userPassword' but IIRC with AD's default configuration the password check when processing a bind request uses the internally stored password which is written as attribute 'unicodePwd'. So probably you have to rethink your approach.
Ciao, Michael.
On 29 March 2012 04:46, Gabriella Turek Gabriella.Turek@niwa.co.nz wrote:
Setup: OpenLDAP 2.4 SUSE SLES11, chaining (read only) to an AD directory
I've set up a simple default pwd policy and configured it in slapd.conf:
Included the schema /etc/openldap/schema/ppolicy.schema
Under my db configuration added the entries
overlay ppolicy ppolicy_default "cn=default,ou=pwpolicies,dc=niwa,dc=local"
- The policy is simply:
dn: cn=default,ou=pwpolicies,dc=example,dc=com
cn: default
…..
pwdMinLength: 8
pwdAllowUserChange: TRUE
But when I run tests with too short a password the password still gets changed. No error messages.
Hi,
this can happen if:
* you are changing the password as rootdn (the rootdn bypasses the password policy)
* you are changing the password by giving the SSHA value, which is longer than 8 characters
Clément.
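An added example, not code from the thread or from OpenLDAP itself, modelling the two cases Clément describes: the rootdn bypass, and a pre-hashed {SSHA} value whose cleartext length ppolicy cannot inspect. The rootdn, user DN and sample passwords are constructed for the demonstration.

```python
import base64
import hashlib
import os

# Constructed policy mirroring the cn=default entry from the thread.
POLICY = {"pwdMinLength": 8, "pwdAllowUserChange": True}
ROOTDN = "cn=admin,dc=example,dc=com"  # assumed rootdn, not given in the thread


def ssha(cleartext: str, salt: bytes = None) -> str:
    """Build an RFC 2307 style {SSHA} userPassword value: base64(sha1(pw+salt)+salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(cleartext: str, value: str) -> bool:
    """Check a cleartext against a stored {SSHA} value (SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(cleartext.encode("utf-8") + salt).digest() == digest


def evaluate_change(bind_dn: str, new_value: str, policy=POLICY, rootdn=ROOTDN):
    """Model of how a ppolicy-style length check treats a userPassword modify.

    Returns (accepted, reason). This mirrors the behaviour discussed in the
    thread; it is not slapd's implementation.
    """
    if bind_dn == rootdn:
        # The rootdn is not subject to the overlay's quality checks.
        return True, "rootdn bypasses ppolicy"
    if not policy["pwdAllowUserChange"]:
        return False, "insufficientAccessRights (pwdAllowUserChange is FALSE)"
    if new_value.startswith("{"):
        # A pre-hashed value (e.g. {SSHA}...) carries no cleartext to measure;
        # the stored string itself is far longer than pwdMinLength.
        return True, "pre-hashed value, pwdMinLength not enforceable"
    if len(new_value) < policy["pwdMinLength"]:
        return False, "constraintViolation: password too short"
    return True, "cleartext passed quality checks"


if __name__ == "__main__":
    user = "uid=gaby,ou=people,dc=example,dc=com"  # constructed user DN
    print(evaluate_change(ROOTDN, "abc"))          # accepted via rootdn bypass
    print(evaluate_change(user, "abc"))            # rejected, too short
    print(evaluate_change(user, ssha("abc")))      # accepted, hashed on the client
```

To exercise the real overlay rather than this model, bind as the user (not rootdn) and send the cleartext via ldappasswd so the server performs the hashing.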
openldap-technical@openldap.org