I have pam_lookup_policy yes and a user-local password policy for one user as a test. If I try to change the user's password, it updates fine in LDAP but doesn't warn me about the policy restrictions (set to min 8 chars but I can use 7 no problem, for example).

I read that PAM needs anonymous bind access to the objectclass=passwordpolicy attrs? I tried that but it made no difference.

The really odd thing is that the policy object lives in:

cn=nspwpolicycontainer,ou=people,dc=blah,dc=com

but if I ldapsearch on '(objectclass=passwordpolicy)' in the above container (or in the whole root DSE for that matter), I find nothing, even if I bind as Directory Manager. It's there - I can see the object in the GUI.

PK

--
Philip Kime
NOPS Systems Architect
310 401 0407