slapd: enable password policies

this will facilitate proper locking of accounts

roles/slapd/templates/slapd.conf.j2

@@ -12,6 +12,7 @@ include		/etc/ldap/schema/cosine.schema
 include		/etc/ldap/schema/inetorgperson.schema
 include		/etc/ldap/schema/kitchen.schema
 include		/etc/ldap/schema/misc.schema
+include		/etc/ldap/schema/namedobject.schema
 include		/etc/ldap/schema/nis.schema
 include		/etc/ldap/schema/openssh-lpk.schema
 include		/etc/ldap/schema/radius.schema
@@ -31,6 +32,7 @@ loglevel	sync
 # Load dynamic backend modules:
 modulepath	/usr/lib/ldap
 moduleload	back_mdb.la
+moduleload	ppolicy.la
 {% if slapd_role == 'master' %}
 moduleload	syncprov.la
 {% endif %}
@@ -134,6 +136,14 @@ index	mail			eq
 index	mailAlternateAddress	eq
 
 
+#######################################################################
+# Password Policies
+#######################################################################
+
+overlay ppolicy
+ppolicy_default "cn=pp-default,ou=policies,dc=binary-kitchen,dc=de"
+
+
 {% if slapd_role == 'master' %}
 #######################################################################
 # Replication