Hi-

I've hooked up Spring LDAP to allow users to update their own passwords within Active Directory. This works fine, except that password policy is not enforced. The password complexity check works fine, but for things like password history passwords that should be rejected aren't and update without error.

I've read through the forum and see a couple of references to policy enforcement with acegisecurity, but I'm not clear on the implementation or if it is necessary. I'm not interested in using this for auth or determining days until password expiration.

Is acegisecurity the correct package to implement for this? If so, an example would be awesome. Any help would be welcome, thanks.