12 Jan
2022
12 Jan
'22
8:19 a.m.
On 1/12/22 10:47, Óscar Remírez de Ganuza Satrústegui wrote:
May I suggest trying to import the backup.ldif with the default ppolicy with MaxAge=0:
dn: cn=default,ou=ppolicies,dc=example,dc=com pwdMaxAge: 0
So that it maybe will not add pwdChangedTime operational attribute automatically, and it does not conflict when importing the account objects. Afterwards, you can change pwdMaxAge of the default policy to your desire value.
I did not test the above.
But even if it would work it would not be an appropriate solution for the use-case "the admin restores a single user" without impacting general password policy enforcement.
Ciao, Michael.