https://bugs.openldap.org/show_bug.cgi?id=9571
--- Comment #1 from Ondřej Kuzník <[email protected]> --- Behera v8 already specifies these requirements e.g. in 4.2.6 [0], just that ppolicy never implemented them. Also an application can: - have its identity set to "manage"/"write" accordingly so it is/not considered "password administrator" in the eyes of the draft - write the relevant attributes (pwdReset, ...) in the same operation overriding the defaults Requiring the application to use the relax control to change certain attributes is not reversible AFAIK, which is why this was not done in 2.4... Should we need to change any of this, we need to have a wider look at what it is we are trying to accomplish and how we want to do it. [0]. https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-08#section-4.2.6 -- You are receiving this mail because: You are on the CC list for the issue.
