diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 5db3a52f8..3e9b24a53 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -149,6 +149,7 @@ struct ipadb_e_data {
     bool ipa_user;
     char *entry_dn;
     char *passwd;
+    char *user;
     time_t last_pwd_change;
     char *pw_policy_dn;
     char **pw_history;
diff --git a/daemons/ipa-kdb/ipa_kdb_passwords.c b/daemons/ipa-kdb/ipa_kdb_passwords.c
index 9362f4305..adfefb3a2 100644
--- a/daemons/ipa-kdb/ipa_kdb_passwords.c
+++ b/daemons/ipa-kdb/ipa_kdb_passwords.c
@@ -53,6 +53,25 @@ static krb5_error_code ipapwd_error_to_kerr(krb5_context context,
         kerr = KADM5_PASS_Q_CLASS;
         krb5_set_error_message(context, kerr, "Password is too simple");
         break;
+    case IPAPWD_POLICY_PWD_CONSECUTIVE:
+        kerr = KADM5_PASS_Q_GENERIC;
+        krb5_set_error_message(context, kerr, "Password has repeating characters");
+        break;
+    case IPAPWD_POLICY_PWD_SEQUENCE:
+        kerr = KADM5_PASS_Q_GENERIC;
+        krb5_set_error_message(context, kerr, "Password contains a monotonic sequence");
+    case IPAPWD_POLICY_PWD_PALINDROME:
+        kerr = KADM5_PASS_Q_GENERIC;
+        krb5_set_error_message(context, kerr, "Password is a palindrome");
+        break;
+    case IPAPWD_POLICY_PWD_USER:
+        kerr = KADM5_PASS_Q_GENERIC;
+        krb5_set_error_message(context, kerr, "Password contains the user name");
+        break;
+    case IPAPWD_POLICY_PWD_DICT_WORD:
+        kerr = KADM5_PASS_Q_DICT;
+        krb5_set_error_message(context, kerr, "Password contains dictionary words");
+        break;
     default:
         kerr = KADM5_PASS_Q_GENERIC;
         break;
@@ -95,7 +114,7 @@ static krb5_error_code ipadb_check_pw_policy(krb5_context context,
     if (kerr != 0) {
         return kerr;
     }
-    ret = ipapwd_check_policy(ied->pol, passwd, time(NULL),
+    ret = ipapwd_check_policy(ied->pol, passwd, ied->user, time(NULL),
                               db_entry->expiration,
                               db_entry->pw_expiration,
                               ied->last_pwd_change,
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3f9d7dceb..197b79809 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
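Review bot: The `IPAPWD_POLICY_PWD_SEQUENCE` case has no `break;` after its `krb5_set_error_message` call, so it falls through into `IPAPWD_POLICY_PWD_PALINDROME` and the message is replaced by "Password is a palindrome" before the function returns; every other new case ends with a break, and the hunk header's count of 19 added lines confirms the omission is in the commit rather than a rendering artifact. Add `break;` directly after the sequence message. The switch in ipapwd_error_to_kerr begins before and ends after this hunk.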
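Review bot: `ied->user` is now passed to ipapwd_check_policy, but the principals change in this commit stores it only for IPA user entries and accepts a missing `uid` attribute (ENOENT), so for service principals or users without uid the argument is NULL. ipapwd_check_policy is not in the diff; if its user-name comparison does not guard a NULL pointer when `usercheck` is enabled, this call would dereference it. A comment at the call site, `/* ied->user may be NULL for non-user principals or entries without uid */`, would make the contract explicit, and the callee should be checked for a NULL guard. ipadb_check_pw_policy starts and ends outside the hunk.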
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -74,6 +74,7 @@ static char *std_principal_attrs[] = {
     "krbMaxRenewableAge",
 
     /* IPA SPECIFIC ATTRIBUTES */
+    "uid",
     "nsaccountlock",
     "passwordHistory",
     IPA_KRB_AUTHZ_DATA_ATTR,
@@ -589,6 +590,7 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
     krb5_kvno mkvno = 0;
     char **restrlist;
     char *restring;
+    char *uidstring;
     char **authz_data_list;
     krb5_timestamp restime;
     bool resbool;
@@ -839,6 +841,13 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
     }
     if (ret == 0) {
         ied->ipa_user = true;
+        ret = ipadb_ldap_attr_to_str(lcontext, lentry,
+                                     "uid", &uidstring);
+        if (ret != 0 && ret != ENOENT) {
+            kerr = ret;
+            goto done;
+        }
+        ied->user = uidstring;
     }
 
     /* check if it has the krbTicketPolicyAux objectclass */
@@ -1551,6 +1560,7 @@ void ipadb_free_principal_e_data(krb5_context kcontext, krb5_octet *e_data)
     if (ied->magic == IPA_E_DATA_MAGIC) {
         ldap_memfree(ied->entry_dn);
         free(ied->passwd);
+        free(ied->user);
         free(ied->pw_policy_dn);
         for (i = 0; ied->pw_history && ied->pw_history[i]; i++) {
             free(ied->pw_history[i]);
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 10f128700..03d742b5c 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -34,6 +34,10 @@ char *std_pwdpolicy_attrs[] = {
     "krbpwdmaxfailure",
     "krbpwdfailurecountinterval",
     "krbpwdlockoutduration",
+    "ipapwdmaxrepeat",
+    "ipapwdmaxsequence",
+    "ipapwddictcheck",
+    "ipapwdusercheck",
     NULL
 };
 
@@ -47,6 +51,7 @@ krb5_error_code ipadb_get_ipapwd_policy(struct ipadb_context *ipactx,
     LDAPMessage *res = NULL;
     LDAPMessage *lentry;
     uint32_t result;
+    bool resbool;
     int ret;
 
     pol = calloc(1, sizeof(struct ipapwd_policy));
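Review bot: `char *uidstring;` in the `@@ -589` hunk is declared without an initializer, and the new block in the `@@ -839` hunk assigns `ied->user = uidstring;` on every non-error path, including ENOENT where ipadb_ldap_attr_to_str found no `uid` attribute. Whether that helper writes NULL to its output on ENOENT is not visible here; if it does not, `ied->user` holds an indeterminate pointer that the new `free(ied->user)` in ipadb_free_principal_e_data (the `@@ -1551` hunk) later passes to free(). Initialising the declaration, `char *uidstring = NULL;`, makes the assignment safe regardless of the helper's ENOENT behaviour. ipadb_parse_ldap_entry starts before and continues after both of those hunks.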
@@ -117,6 +122,34 @@ krb5_error_code ipadb_get_ipapwd_policy(struct ipadb_context *ipactx,
         pol->lockout_duration = result;
     }
 
+    ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+                                    "ipaPwdMaxRepeat", &result);
+    if (ret == 0) {
+        pol->max_repeat = result;
+    }
+
+    ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+                                    "ipaPwdMaxSequence", &result);
+    if (ret == 0) {
+        pol->max_sequence = result;
+    }
+
+    ret = ipadb_ldap_attr_to_bool(ipactx->lcontext, lentry,
+                                  "ipaPwdDictCheck", &resbool);
+    if (ret == 0 && resbool == true) {
+        pol->dictcheck = 1;
+    }
+
+    ret = ipadb_ldap_attr_to_bool(ipactx->lcontext, lentry,
+                                  "ipaPwdUserCheck", &resbool);
+    if (ret == 0 && resbool == true) {
+        pol->usercheck = 1;
+    }
+
+    if (ret == 0) {
+        pol->max_sequence = result;
+    }
+
     *_pol = pol;
 
 done:
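Review bot: The trailing `if (ret == 0) { pol->max_sequence = result; }` after the `ipaPwdUserCheck` lookup tests a `ret` that now reports the boolean attribute and reuses a `result` left over from the last uint32 read, so a policy that carries ipaPwdUserCheck but no ipaPwdMaxSequence gets its sequence limit silently overwritten with whatever earlier value remains in `result`. The correct assignment already happens right after the ipaPwdMaxSequence read, so this block looks like a copy-paste leftover; the three lines and the blank line after them should be deleted. ipadb_get_ipapwd_policy continues past the `done:` label shown at the end of the hunk.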