I
have
pam_lookup_policy
yes
and a user-local
password policy for one user as a test.
If I try to change
the user's password, it updates fine in LDAP but does't warn me about the policy
restrictions (set to min 8 chars but I can use 7 no problem, for
example).
I read that PAM
needs anonymous bind access to the objectclass=passwordpolicy attrs? I
tried that but it made no difference.
The really odd thing
is that the policy object lives in:
cn=nspwpolicycontainer,ou=people,dc=blah,dc=com
but if I ldapsearch
on '(objectclass=passwordpolicy)' in the above container (or in the whole root
DSE for that matter), I find nothing,even if I bind as Directory Manager. It's
there - I can see the object in the GUI.
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407