Hi Kevin, The ITS system is for reporting defects in OpenLDAP, and the symptoms you are describing are not indicative of that. The OpenLDAP team will probably close this ITS with a comment to that effect.
The 'passwd' command is an OS tool, not part of OpenLDAP. Its interaction with OpenLDAP is through the pam_ldap module, and the conifguration of that module is most likely where your problem lies. I suggest posting this question on the pam_ldap mailing list that is operated by PADL, or requesting support from your OS vendor (RedHat?). Cheers, -Matt -- Matthew Hardin Symas Corporation - The LDAP Guys http://www.symas.com [EMAIL PROTECTED] wrote: > Full_Name: Kevin Xie > Version: 2.3.39 > OS: RHEL 4 update 3 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (147.21.16.3) > > > I am testing ppolicy on OpenLDAP 2.3.39 and 2.3.38. > When user password expired, LDAP forced user to change password using > "passwd", > it bypassed all the ppolicy settings, like, PwdMinLength, PwdInHistory. > Is there a way to force "passwd" to check LDAP ppolicy like "ldappasswd" > does? > Is it because "passwd" and "ldappasswd" using different encryption methods? > > I've uploaded ppolicy and slapd.conf in khxie_ppolicy.txt. > I've google searched the issue and didn't find any anwser. > > Thanks for your help. > > Kevin Xie > > > . > >
