Yes, that should be a "dn:" at the top of the ldif file, not an "n:". I'll review the list for issues with OpenLdap 2.4.23 on Centos 6.4. Any thoughts on my specific issue? Its killing me, been chasing it for days. Feels like the policy/schema isn't loading at all.
Well, if the schema wasn't loaded, you would get an error about the fact that the various ppolicy attributes didn't exist, not that the value for one of the attributes was incorrect.
<http://stackoverflow.com/questions/5577660/openldap-is-that-possible-to-use-userpassword-instead-of-2-5-4-35-for-pwdat> would imply that you are correct about the policy module itself not being loaded.
Have you verified ppolicy.la exists in /usr/lib64/openldap?As an aside, you may want to check out the LTB packages as an easy way to upgrade to a current release of OpenLDAP: <http://ltb-project.org/wiki/download#openldap>
They install into their own location separate from the system libraries etc. --Quanah -- Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration