Full_Name: Clément OUDOT Version: 2.4.26 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (90.9.0.93)

I have a piece of code that does this singel modify operation on OpenLDAP: * remove pwdPolicySubentry value * replace userPassword value

My password policy has pwdCheckQuality set to 2 (strict checking). My new userPassword value is {SASL}bob@example.com. But the modify operation failed with:

conn=1058 op=100 RESULT tag=103 err=19 text=Password fails quality checking policy

I was thinking than removing the pwdPolicySubentry was sufficient to disable all ppolicy constraint on the userPassword replacement in the same modify operation. Am I wrong or do I face a ppolicy overlay bug?