My mistake. I've had password policies on my mind so much lately, that I have been mostly focusing on the password strength portion of it, which I realize is not part of ppolicy itself.
I'm going through each attribute right now to do a thorough test of what is working and / or not working. Server is openldap 2.4.23 Thanks, Dan On Wed, Apr 10, 2013 at 9:14 AM, Clément OUDOT <[email protected]> wrote: > > > 2013/4/10 D C <[email protected]> > >> I >> have tried using ppolicy, but it is not really doing anything. >> I can confirm that my policy is being used by flipping the >> "pwdSafeModify" attribute. >> >> When set to true, users cannot change their password and they get a >> message saying that they need to send both the old and new password >> together. >> >> Other than that, none of the other fields seem to have any effect. >> >> Do you have a working example of ppolicy? >> > > Are you sure your are not using the root account (rootdn) to change the > password? > > What version of OpenLDAP are you using? > > Clément. >
