This discussion is archived
4 Replies Latest reply: Aug 20, 2012 12:57 AM by NGauthier

Allow Password Policy Violation with simple user

NGauthier Newbie
Hi,

I am trying to allow a service account (simple user) to bypass the default users' password policy.
Is there any option similar to passwordRootdnMayBypassModsChecks, which exists for the Directory Manager account?

In my case, I am trying to reset a user password with this service account when the 'passwordMinAge' attribute is not outdated.
I'm using DS 5.2

Thanks in advance,

... and sorry for my bad English :)

Edited by: user1657029 on 16 August 2012 14:16
  • 1. Re: Allow Password Policy Violation with simple user
    802907 Journeyer
    The simple way to do this is to make a non-default password policy and assign it to your service account.

    http://docs.oracle.com/cd/E19850-01/816-6698-10/useracct.html#15780
  • 2. Re: Allow Password Policy Violation with simple user
    NGauthier Newbie
    Oh sorry, but my message wasn't specific enough.

    The service account (which has its own pwd policy, no expiration, no lock, ...) is used for resetting all users' passwords in my directory (not its own password). So it must bypass the policy (specific or not) of all those users.

    For example, the global password policy sets the 'pwdMinAge' value to 2 days.
    When the service account attempts to reset the password of 'Mr. X' (before the pwdMinAge delay) I have the "within password minimum age" error.

    Any idea?

    Thanks for your answer chris,

    Edited by: user1657029 on 17 August 2012 14:38

    I think it's possible to reset the passwordAllowChangeTime user attribute just before and just after resetting a user password.
    But it's not very satisfying... :/

    Edited by: user1657029 on 17 August 2012 14:57
  • 3. Re: Allow Password Policy Violation with simple user
    802907 Journeyer
    Ah ok, I understand now.

    If I recall correctly in 5.2 the only user that can do an "administrative reset" on the password is Directory Manager. That changed later, though. I'm pretty sure in 6.x or later, any reset of the password by a user other than self is considered administrative. But I'd test that out to make sure.

    Directly manipulating password policy attributes becomes much more difficult after 5.x, so I wouldn't implement any process that does that now. I'd say do your administrative resets as Directory Manager for now, and test out using the admin account in a later version. Maybe it's one more reason to upgrade.
  • 4. Re: Allow Password Policy Violation with simple user
    NGauthier Newbie
    OK, I'll do that.

    Thanks for your advice Chris
