Hi!
In the past I was using some LDAP administrator account to reset a user's password (using "ldappasswd -H $server -x -ZZ -D $admin -W "$DN""), and the system output the new password. But after having created a special account that ist to be used to reset passwords only, the same command failed with Result: Constraint violation (19) Additional info: Password fails quality checking policy
So it seems the admin account circumvents the password policy restrictions, while the special account does not.
But the main reason I'm writing this is that the passwords generated by ldappasswd do not seem to fulfill today's requirements (too short, basically). However 2.4 is very old, and it seems the current ldappasswd does no longer create automatic passwords (reading https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/ldapp...).
Regards, Ulrich