I have
pam_lookup_policy yes
and a user-local password policy for one user as a test.
If I try to change the user's password, it updates fine in LDAP but
doesn't warn me about the policy restrictions (set to min 8 chars but I
can use 7 no problem, for example).
I read that PAM needs anonymous bind access to the
objectclass=passwordpolicy attrs? I tried that but it made no
difference.
The really odd thing is that the policy object lives in:
cn=nspwpolicycontainer,ou=people,dc=blah,dc=com
but if I ldapsearch on '(objectclass=passwordpolicy)' in the above
container (or in the whole root DSE for that matter), I find
nothing, even if I bind as Directory Manager. It's there - I can see the
object in the GUI.
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407