I have defined an OpenLDAP password policy overlay. The pwdMinLength: 9 is not working; I'm still able to create a user with a password of less than 9 characters. The Password Policy Overlay is on OpenLDAP on Ubuntu 14.04:
dn: cn=MyOrgPPolicy,ou=Policies,dc=zarigatongy,dc=youtube.com
cn: MyOrgPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
The other policies are working fine; for example, on failed attempts the user gets locked because of pwdMaxFailure: 4.
I created the user.ldif file for creating the user:
dn: uid=test123,ou=Users,dc=zarigatongy,dc=youtube.com
cn: test123
mail: zarigatongy@youtube.com
objectclass: inetOrgPerson
objectclass: top
sn: test123
title: Demo User
uid: test123
userpassword: test1
Best Answer
You're supplying pwdCheckQuality=1, which will accept the password if it's unable to check it for some reason. pwdMinLength only works if the password isn't hashed. So if it's unable to check MinLength, the password will be accepted.
Most likely you're passing the server a hashed password when creating it. http://linux.die.net/man/5/slapo-ppolicy should help, specifically ppolicy_hash_cleartext
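The behaviour the answer describes can be modelled offline to pre-check an LDIF before import. This is an added example, not OpenLDAP code or part of the original answer: it pulls userPassword out of an LDIF entry and shows how a hashed value passes pwdCheckQuality 1 but is refused at 2. The function names and sample entries are constructed, and the scheme-prefix test is an assumption about how a hashed value is recognised.

```python
import base64
import re

# Assumption: a hashed value carries a scheme prefix such as {SSHA} or {CRYPT}.
SCHEME = re.compile(r"^\{[A-Za-z0-9._-]+\}")

# Constructed sample entry; the hash text is a placeholder, not a real digest.
HASHED_ENTRY = """dn: uid=example,ou=Users,dc=example,dc=com
objectclass: inetOrgPerson
uid: example
userPassword: {SSHA}Q09OU1RSVUNURUQtU0FNUExF"""

def user_password(ldif_entry):
    """Return the userPassword value of one LDIF entry, or None if absent."""
    for line in ldif_entry.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "userpassword":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            raw = base64.b64decode(value[1:].strip())
            return raw.decode("utf-8", "replace")
        return value.strip()
    return None

def check_quality(value, pwd_check_quality, pwd_min_length):
    """Model the length check: returns (accepted, reason)."""
    if pwd_check_quality == 0:
        return True, "quality checking disabled"
    if SCHEME.match(value):
        # Length of the original password cannot be recovered from a hash.
        if pwd_check_quality == 2:
            return False, "hashed value cannot be checked, refused"
        return True, "hashed value cannot be checked, accepted unchecked"
    if len(value) < pwd_min_length:
        return False, "cleartext shorter than pwdMinLength"
    return True, "cleartext meets pwdMinLength"

if __name__ == "__main__":
    pw = user_password(HASHED_ENTRY)
    for quality in (1, 2):
        print(quality, check_quality(pw, quality, 9))
```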