Hmm, I wonder if PAM and ldappasswd are not finding the policies as a
result of this? There is nothing interesting in the access log - I can
see the extop password operation line but it doesn't say anything about
the filter used to look for password policy objects? Is there perhaps a
way to include ldapSubEntry objects in normal searches?
The server enforces the policy internally, and (at least in theory) all the
code paths that modify passwords should be calling the same policy
checking function. So ldappasswd, ldapmodify and the GUI should see
exactly the
same policy. If you turn up the logging level you might see more
interesting output (in the errors log, not the access log, which is always
quite terse).
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
