>Does openldap internally do password controls? No. >Is there a way to have the ACL or ACI manage password controls? No. >Password controls means: >expiring password after certain number of days, requiring minimum of x >characters/letters/numbers, etc. etc. You authentication system must manage this, there are certainly attributes defined to *store* the relevant information.