Hmm - If I enable password syntax checking globally, it works - ldappasswd applies the policy and so does PAM via pam_ldap. If it's a local policy on a subtree or user, it doesn't? I have checked and the cn=config "nsslapd-pwpolicy-local" is set to "on" so it should be applying local password policies. Do I have to enable the password syntax checking at a global level (possibly with no actual restrictions) and then overide it at the local level? PK -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
