You also have the option of not specifying a default policy but I’m assuming that “no policy” is your exception use case and not what you want as the default.
[cid:[email protected]]<http://www.aep.com/> JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD [email protected]<mailto:[email protected]> | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215 From: Jon C Kidder Sent: Friday, April 13, 2018 7:22 AM To: 'Tayyab Saeed'; [email protected] Subject: RE: [EXTERNAL] exempt some users from OpenLDAP password policy Once the ppolicy overlay is enabled all users will become subject to the default policy. You have 2 choices: 1. Make the default policy accommodate your less restrictive use case and apply a more restrictive policy to the users that need it. 2. Leave the default policy the more restrictive case, create a less restrictive policy for your “exception” use case and apply the less restrictive policy to users that need it. The method you choose will be driven by which use case is the “rule” and which use case is the “exception”. In either case you apply distinct policies where needed by supplying the DN of the policy in the pwdPolicySubentry attribute of the user. [cid:[email protected]]<http://www.aep.com/> JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD [email protected]<mailto:[email protected]> | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215 From: openldap-technical [mailto:[email protected]] On Behalf Of Tayyab Saeed Sent: Thursday, April 12, 2018 4:55 PM To: [email protected]<mailto:[email protected]> Subject: [EXTERNAL] exempt some users from OpenLDAP password policy This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If suspicious please forward to [email protected]<mailto:[email protected]> for review. ________________________________ Dear All, I have tried modifying pwdChangedTime & facing below error modifying entry "uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com" ldap_modify: Constraint violation (19) additional info: pwdChangedTime: no user modification allowed Thanks, Tayyab Saeed
