People don't look at or study the configurations on OpenLDAP servers they "inherit". They rely on briefings, etc. Folk Wisdom.
We're dealing with a situation like that. People describe the artifacts they see lying around and the conversations they've had with people in the culture and demand that we "Take Care of That". We review the artifacts but "taking care of that" almost always means doing something to the configuration to "Make It Happen".
Oddly, when we look at the configuration, carefully, the situation becomes clear. The received wisdom is simply wrong. That password quality checker in the repository somewhere compiles and MUST HAVE BEEN RUNNING is not wired in via the 'ppolicy' overlay's configuration stanza. NOT!!!
You think they'd believe you?
Nope. Not this time.