Zhang Weiwu <[EMAIL PROTECTED]> writes:

> My checklist:
>
> 1. RTFM slapo-ppolicy: done, 3 times;
> 2. check openldap version: 2.4, newly installed on Gentoo Linux;
> 3. check ppolicy overlay successfully loaded and being used: must be,
>    because operational attributes like pwdFailureTime were maintained;
> 4. pwdAttribute setting: correct, value is "userPassword";
> 5. pwdCheckQuality: correct, value is 2 (server always checks password
>    syntax);
> 6. pwdMinLength: correct, value is 6, server does not accept passwords
>    shorter than 6 characters;
> 7. ppolicy_default: correctly set, because changing pwdMaxFailure on the
>    default entry does have an effect;
> 8. the entry being operated on doesn't have pwdPolicySubentry, so the
>    default should be applied: correct;
> 9. slapd server was restarted after all the above checks;
>
> Test result: Still doesn't work:
>
> $ldappasswd -vD uid=admin,st=jiangxi,o=LGOP -x -w secret -s 13456
> ou=吉安市,st=jiangxi,o=LGOP
> ldap_initialize( <DEFAULT> )
> Result: Success (0)
>
> (expected not successful here because the new password was too short)
>
> I am stuck here. Did I miss something on my checklist?

I presume that you changed userpassword as rootdn, bear in mind that rootdn bypasses all restrictions.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N 10°08'02,42"E
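
An added example, not part of the original thread: a Python check for the situation Dieter describes, deciding whether the DN passed to `-D` is the `rootdn` of the database that holds the target entry. The slapd.conf fragment is constructed (the thread never shows the real file), and the function names and the simplified DN normalization are assumptions.

```python
import re
import shlex

# Constructed slapd.conf fragment; the database type, suffix, rootdn and
# policy DN are assumptions, not values confirmed by the thread.
SAMPLE_CONF = '''\
database        hdb
suffix          "o=LGOP"
rootdn          "uid=admin,st=jiangxi,o=LGOP"
overlay         ppolicy
ppolicy_default "cn=default,ou=policies,o=LGOP"
'''

def normalize_dn(dn):
    """Simplified comparison form: split on unescaped commas, trim, lowercase.
    Assumes case-insensitive attributes (uid, st, o, ou, cn), single-valued RDNs."""
    rdns = re.split(r'(?<!\\),', dn)
    return ','.join('='.join(p.strip().lower() for p in r.split('=', 1)) for r in rdns)

def parse_databases(conf_text):
    """Return one {'suffixes': [...], 'rootdn': ...} dict per database section."""
    logical = []
    for line in conf_text.splitlines():
        if line[:1] in (' ', '\t') and logical:
            logical[-1] += line      # leading whitespace continues the previous line
        elif line.strip() and not line.startswith('#'):
            logical.append(line)
    databases = []
    for line in logical:
        words = shlex.split(line)
        key = words[0].lower()
        if key == 'database':
            databases.append({'suffixes': [], 'rootdn': None})
        elif databases and key == 'suffix' and len(words) > 1:
            databases[-1]['suffixes'].append(normalize_dn(words[1]))
        elif databases and key == 'rootdn' and len(words) > 1:
            databases[-1]['rootdn'] = normalize_dn(words[1])
    return databases

def bind_is_rootdn(conf_text, bind_dn, target_dn):
    """True if bind_dn is the rootdn of the database that holds target_dn."""
    bind, target = normalize_dn(bind_dn), normalize_dn(target_dn)
    best = None                      # (longest matching suffix, its rootdn)
    for db in parse_databases(conf_text):
        for suffix in db['suffixes']:
            if target == suffix or target.endswith(',' + suffix):
                if best is None or len(suffix) > len(best[0]):
                    best = (suffix, db['rootdn'])
    return best is not None and best[1] == bind
```

When this returns `True` for the DN used in a test, a `Success (0)` result says nothing about the policy; repeat the password change bound as an ordinary identity, such as the entry itself.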
