Full_Name: Version: 2.4.26 OS: URL: Submission from: (NULL) (84.128.254.201)
slapo-ppolicy(5) says:
pwdAllowUserChange
This attribute specifies whether users are allowed to change their own passwords or not. If pwdAllowUserChange is set to "TRUE", or if the attribute is not present, users will be allowed to change their own passwords. If its value is "FALSE", users will not be allowed to change their own pass- words.
Given this text I'd expect that admins can still set the userPassword attribute. Such a policy is often used for system/machine accounts where the machine entity itself does not have to change the password but an admin should be allowed to do so.
Unfortunately if (pwdAllowUserChange=FALSE) no password change is allowed at all. slapd returns: "Insufficient access: User alteration of password is not allowed"