Hello,

I am using openldap 2.3.30 with the ppolicy module enabled. I have configured the policy pwdMinAge to three days, and this works.

However, I would like our administrators to be able to reset a password regardless of the policy, without resorting to the admins using the "rootdn" account.

Is there a way to write the ACL's to allow admins to modify the userPassword regardless of the pwdPolicySubentry attached to the entry?

Thanks Joe Bruni