This content has been marked as final. Show 4 replies
The simple way to do this is to make a non-default password policy and assign it to your service account.
Oh sorry but my message wasn't enough specific.
The service account (which has is own pwd policy, no expiration, no lock, ...) is used for resetting all users' password of my directory (not its own password). So it must bypass the policy (specific or not) of all those users.
For exemple, the global password policy set the 'pwdMinAge' value to 2 days.
When the service account attempts to reset the password of 'Mr. X' (before the pwdMinAge delay) I have the "within password minimum age" error.
Any idea ?
Thanks for your answer chris,
Edited by: user1657029 on 17 août 2012 14:38
I think it's possible to reset the passwordAllowChangeTime user attribute just before and_ just after reseting a user password
But it's not very satisfying... :/
Edited by: user1657029 on 17 août 2012 14:57
Ah ok, I understand now.
If I recall correctly in 5.2 the only user that can do an "administrative reset" on the password is Directory Manager. That changed later, though. I'm pretty sure in 6.x or later, any reset of the password by a user other than self is considered administrative. But I'd test that out to make sure.
Directly manipulating password policy attributes becomes much more difficult after 5.x, so I wouldn't implement any process that does that now. I'd say do your administrative resets as Directory Manager for now, and test out using the admin account in a later version. Maybe it's one more reason to upgrade.
Ok, i'll do that.
Thanks for your advice Chris