Dear OpenLDAP experts,

my problem is that my Ubuntu 22.04 systems do not honor password expirations (ppolicy/shadow) and ppolicy password complexities.

I tried to track this down with AI:

* our server does not seem to advertise the OpenLDAP ppolicy control
* The ppolicy control OID that SSSD requires (only on Ubuntu, not on RH7) is: 1.3.6.1.4.1.42.2.27.9.5.1
* But your server (OpenLDAP 2.5.19) advertises only these ppolicy-related controls(?):
  (ldapsearch -x -H ldap://SERVER -s base -b "" "+")
    supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
    supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
* When using ldap_pwd_policy = ppolicy in /etc/sssd/sssd.conf, sssd crashes on startup
* this also does not work:
    ldap_pwd_policy = ppolicy
    ldap_ppolicy_compat = True

Is this train of thought anywhere close to useful? Is there another reason why e.g. passwd(1) ignores password settings on Ubuntu 22.04?

Many Thanks and Best Regards,
Felix
--
Felix Natter
debian/rules!
