--On Friday, June 24, 2022 8:32 PM +0200 [email protected] wrote:
Hi,
Not sure to understand but maybe my question is unclear.
My question is just to know if with an admin having "manage" role it is
possible to bypass the ppolicy check when adding a user.
Because this how it works when modifying userPassword of an already
existing user.
ADD and MOD looks working differently on userPassword attribute treatment.
a) You should not be using MOD ops on userPassword
b) You probably want to be using the RELAX control when you do the ADD op
(mark it critical)
c) I suggest updating to a current OpenLDAP 2.5 release, as there were
fixes for ppolicy in 2.5.12 that may be relevant. (ITS#9794)
Regards,
Quanah
