2013/4/10 D C <dc12078@gmail.com>Fair enough. Ânow I'm updated$ rpm -qa |grep openldapopenldap-ltb-2.4.35-1.el6.x86_64openldap-ltb-check-password-1.1-8.el6.x86_64I dumped and reimported my database, and tried agian.ÂÂI dont see any difference.TESTS: Â Â Â Â Â Â Â Â Â Â ÂRESULT:pwdSafeModify: FALSE Â Â Â ÂPASS: Â Message: LDAP password information update failed: Insufficient access. Â Must supply old password to be changed as well as new onepwdAllowUserChange: FALSE Â PASS: Â Message: LDAP password information update failed: Insufficient access. Â User alteration of password is not allowedpwdMaxAge: 300 Â Â Â Â Â Â ÂNot Tested.pwdExpireWarning: 10 Â Â Â ÂNot Tested.pwdInHistory: 3 Â Â Â Â Â Â FAIL: Â I can still flip between 2 passwordspwdMinLength: 12 Â Â Â Â Â ÂFAIL: Â I can still set a 6 char passwordpwdMustChange: Â Â Â Â Â Â ÂFAIL: Â I am not forced to change passwd.pwdMaxFailure: 2 Â Â Â Â Â ÂFAIL: Â Still allowed in after 3 failures
Several points:
* Do not use rootdn account to test ppolicy (rootdn bypass ppolicy)
* Do not hash password before modifying it (password in SSHA cannot be verified against min size for example)
* What client do you use to test?
ClÃment.