At the moment I'm working with the Sun Java System Directory Server. I
would like to migrate to Openldap but of course without losing
functionality. I enabled pam_ldap account management on all my Linux and
Solaris computers and everything worked fine. Everyone could do
nonpassword-based logins using tools such as rsh or ssh. This feature
was provided by the "Account Usable Request Control"
(126.96.36.199.188.8.131.52.184.108.40.206) from the Directory Server which is needed by
the ldap_pam module from Solaris. After the installation from openldap
on my Solaris server I recognized that nonpassword-based logins on the
Solaris computers are not possible anymore. This problem  was
discussed 2 years ago on "openldap-software(a)openldap.org" but there was
no solution described. I would like to know if there is a way to get
this feature enabled with openldap? If not what can i do else?
Actually I think Ando's reply outlined the solution quite clearly: you will
have to implement the control and associated policy. It seems that between
then and now nobody else has felt it was worth their time to do so. This
Project is volunteer driven - things only happen when someone thinks they're
important enough that they step forward and do it. Is it important enough to you?
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/