Setup: OpenLDAP 2.4 SUSE SLES11, chaining (read only) to an AD directory I've set up a simple default pwd policy and configured it in slapd.conf: - Included the schema /etc/openldap/schema/ppolicy.schema - Under my db configuration added the entries overlay ppolicy ppolicy_default "cn=default,ou=pwpolicies,dc=niwa,dc=local" - The policy is simply: dn: cn=default,ou=pwpolicies,dc=example,dc=com cn: default ….. pwdMinLength: 8 pwdAllowUserChange: TRUE But when I run tests with too short a password the password still gets changed. No error messages. One thing I am confused about is that the documentation says to include the moduleload directive in slapd.con but I can't find any modules, the directory where they are supposed to be is empty. slapd –VVV indicates that it includes the static overlay. Any help is highly appreciated, I am quite a newby at this. Gaby -- Dr Gabriella Turek Sr. Software Engineer, Systems Development Team NIWA Auckland, New Zealand Tel: +64 9 3754645 www.niwa.co.nz NIWA - Enhancing the benefit of New Zealand’s natural resources. -- Please consider the environment before printing this email. NIWA is the trading name of the National Institute of Water & Atmospheric Research Ltd.