
Re: Configuring ppolicy problem



Hi,

I got stuck with this problem. I'm able to change the user password using the shadowAccount objectClass but I can't do the same using the pwdPolicy objectClass. I set the ppolicy attributes in order to get the password expired message:

pwdExpireWarning 10
pwdMaxAge 15
pwdMustChange TRUE
pwdAllowUserChange TRUE
pwdLockout TRUE


slapd.conf:

include    /etc/openldap/schema/ppolicy.schema

moduleload    ppolicy.la

access to attrs=userPassword
 by self write
 by users read
 by anonymous auth

access to *
 by * read


overlay    ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout


I really appreciate any help with this problem.

Thanks!











On 08/27/2012 05:19 PM, Andy Poirier wrote:
It looks like you have some conflicting arguments in your ldif, not sure if that matters.  Is this a copy and paste ldif or did you have to type it by hand?

The ones that stand out are
pwdMaxAge: 60
pwdMaxAge: 0 - means that passwords will not expire
pwdMinLenght: 5 - misspelled



-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of cbulist
Sent: Monday, August 27, 2012 4:30 PM
To: openldap-technical@openldap.org
Subject: Configuring ppolicy problem

Hi,

I'm trying to configure ppolicy but it's not working when I set pwdMaxAge and pwdWarning (I am able to log in when my password is supposed to be expired). I tried with shadowAccount instead of PwdPolicy and it is working well.

This is my relevant setting in slapd.conf


include    /etc/openldap/schema/ppolicy.schema

moduleload    ppolicy.la

overlay    ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout

My ldif file is:

objectClass: organizationalUnit
objectClass: top
ou: policies

dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: FALSE
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLenght: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE


dn: cn=user1,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: pwdPolicy
objectClass: shadowAccount
cn: user1
pwdAttribute: userPassword
gidNumber: 501
homeDirectory: /home/user1
sn: test
uid: user1
uidNumber: 501
pwdAllowUserChange: TRUE
pwdAge: 20
pwdExpireWarning: 15
userPassword: XXXXX


Thanks in advance!
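
An added example, not part of the thread or of OpenLDAP: a small Python check that catches the kind of problems pointed out in the reply (a repeated single-valued attribute, a misspelled attribute name, and pwdMaxAge: 0) before a policy entry is loaded. The function name `lint_policy` and the shortened sample entry are assumptions made for illustration; the attribute list is the pwdPolicy set from the OpenLDAP 2.4 ppolicy.schema.

```python
import difflib
from collections import Counter

# pwdPolicy attributes defined in OpenLDAP 2.4's ppolicy.schema (from
# draft-behera-ldap-password-policy); all are SINGLE-VALUE. Newer releases add more.
PWD_POLICY_ATTRS = sorted([
    "pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory", "pwdCheckQuality",
    "pwdMinLength", "pwdExpireWarning", "pwdGraceAuthNLimit", "pwdLockout",
    "pwdLockoutDuration", "pwdMaxFailure", "pwdFailureCountInterval",
    "pwdMustChange", "pwdAllowUserChange", "pwdSafeModify",
])

# Constructed sample: a shortened copy of the policy entry quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMinLenght: 5
"""

def lint_policy(ldif_text):
    """Return findings for the pwd* attributes of a single LDIF entry."""
    pwd = []
    for line in ldif_text.splitlines():
        if ":" not in line or line.startswith(("#", " ")):
            continue  # skip blanks, comments and continuation lines
        name, _, value = line.partition(":")
        if name.strip().lower().startswith("pwd"):
            pwd.append((name.strip(), value.strip()))
    known = {a.lower(): a for a in PWD_POLICY_ATTRS}
    findings = []
    # Every pwdPolicy attribute is single-valued, so a repeat is an error.
    for low, count in Counter(n.lower() for n, _ in pwd).items():
        if low in known and count > 1:
            findings.append(f"duplicate single-valued attribute: {known[low]} x{count}")
    # Names not in the schema are usually typos; suggest the closest real name.
    for name in dict.fromkeys(n for n, _ in pwd):
        if name.lower() not in known:
            hint = difflib.get_close_matches(name, PWD_POLICY_ATTRS, n=1)
            suffix = f" (did you mean {hint[0]}?)" if hint else ""
            findings.append(f"unknown attribute: {name}{suffix}")
    if any(n.lower() == "pwdmaxage" and v == "0" for n, v in pwd):
        findings.append("pwdMaxAge: 0 disables password expiry")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE_LDIF)))
```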