Once the ppolicy overlay is enabled all users will become subject to the 
default policy.  You have 2 choices:


1.       Make the default policy accommodate your less restrictive use case and 
apply a more restrictive policy to the users that need it.

2.       Leave the default policy the more restrictive case, create a less 
restrictive policy for your “exception” use case and apply the less restrictive 
policy to users that need it.

The method you choose will be driven by which use case is the “rule” and which 
use case is the “exception”.  In either case you apply distinct policies where 
needed by supplying the DN of the policy in the pwdPolicySubentry attribute of 
the user.

[cid:image001.png@01D3D2F6.EE048DE0]<http://www.aep.com/>

JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD
jckid...@aep.com<mailto:jckid...@aep.com> | D:614.716.4970
1 RIVERSIDE PLAZA, COLUMBUS, OH 43215


From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On 
Behalf Of Tayyab Saeed
Sent: Thursday, April 12, 2018 4:55 PM
To: openldap-technical@openldap.org
Subject: [EXTERNAL] exempt some users from OpenLDAP password policy

This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN 
attachments. If suspicious please forward to 
incide...@aep.com<mailto:incide...@aep.com> for review.

________________________________
Dear All,

I have tried modifying pwdChangedTime & facing below error
 modifying entry
 "uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com"
 ldap_modify: Constraint violation (19)
     additional info: pwdChangedTime: no user modification allowed
Thanks,
Tayyab Saeed

Reply via email to