OpenLdap - how to enable overlay ppolicy when shadowAccounts are active?

[darek]

Hello,

I would like to enable PasswordPolicies in my OpenLdap server by adding
following lines in slapd.conf:

overlay ppolicy
ppolicy_default "cn=Default Policy,dc=dw,dc=plbyd,dc=pl"
ppolicy_hash_cleartext
ppolicy_use_lockout

Right now accounts are defined with shadowAccount attribute (I use pam_ldap
and nss_ldap).

I would like to replace the shadowAccount attributes with the operational
attribute :
pwdPolicySubentry: cn=Default Policy,dc=test,dc=pl for each account.

I would like to avoid accounts recreating but I am no sure if it is
possible.

OS is SUSE Linux Enterprise Server 10 SP2.

Is it possible to achive such a reconfiguration or should the accounts be
created from scratch after the overlay is enabled?

I would appreciate any hint, thanks.

--

darek