I try to allow a service account (simple user) to bypass default users password policy.
Is there any similar option than passwordRootdnMayBypassModsChecks existing for Directory Manager account ?
In my case, i try to reset a user password when the 'passwordMinAge' attribute is not outdated with this service account.
I'm using DS 5.2
Thanks in advance,
... and sorry for my bad english :)
Edited by: user1657029 on 16 août 2012 14:16
Oh sorry but my message wasn't enough specific.
The service account (which has is own pwd policy, no expiration, no lock, ...) is used for resetting all users' password of my directory (not its own password). So it must bypass the policy (specific or not) of all those users.
For exemple, the global password policy set the 'pwdMinAge' value to 2 days.
When the service account attempts to reset the password of 'Mr. X' (before the pwdMinAge delay) I have the "within password minimum age" error.
Any idea ?
Thanks for your answer chris,
Edited by: user1657029 on 17 août 2012 14:38
I think it's possible to reset the passwordAllowChangeTime user attribute just before and_ just after reseting a user password
But it's not very satisfying... :/
Edited by: user1657029 on 17 août 2012 14:57
Ah ok, I understand now.
If I recall correctly in 5.2 the only user that can do an "administrative reset" on the password is Directory Manager. That changed later, though. I'm pretty sure in 6.x or later, any reset of the password by a user other than self is considered administrative. But I'd test that out to make sure.
Directly manipulating password policy attributes becomes much more difficult after 5.x, so I wouldn't implement any process that does that now. I'd say do your administrative resets as Directory Manager for now, and test out using the admin account in a later version. Maybe it's one more reason to upgrade.