On 25/01/2026 at 15:54, Felix Natter wrote:
Dear openldap experts,
Hello,
my problem is that my Ubuntu 22.04 systems do not honor password expirations (ppolicy/shadow) and ppolicy password complexities. I tried to track this down with AI:
Bad idea.
* our server does not seem to advertise the OpenLDAP ppolicy control
* The ppolicy control OID that SSSD requires (only on Ubuntu, not on RH7) is: 1.3.6.1.4.1.42.2.27.9.5.1
This is indeed the official password policy control OID that you can find in the specification:
https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-11#name-controls-used-for-password-
* But your server (OpenLDAP 2.5.19) advertises only these ppolicy-related controls(?): (ldapsearch -x -H ldap://SERVER -s base -b "" "+")
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
Did you load the ppolicy overlay in your OpenLDAP configuration?

-- 
Clément Oudot | Identity Solutions Manager
Worteks | https://www.worteks.com
