You also have the option of not specifying a default policy but I’m assuming that “no policy” is your exception use case and not what you want as the default.
[cid:image001.png@01D3D2F8.96CC7360]http://www.aep.com/
JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD JCKIDDER@AEP.COMmailto:JCKIDDER@AEP.COM | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215
From: Jon C Kidder Sent: Friday, April 13, 2018 7:22 AM To: 'Tayyab Saeed'; openldap-technical@openldap.org Subject: RE: [EXTERNAL] exempt some users from OpenLDAP password policy
Once the ppolicy overlay is enabled all users will become subject to the default policy. You have 2 choices:
1. Make the default policy accommodate your less restrictive use case and apply a more restrictive policy to the users that need it.
2. Leave the default policy the more restrictive case, create a less restrictive policy for your “exception” use case and apply the less restrictive policy to users that need it.
The method you choose will be driven by which use case is the “rule” and which use case is the “exception”. In either case you apply distinct policies where needed by supplying the DN of the policy in the pwdPolicySubentry attribute of the user.
[cid:image001.png@01D3D2F8.96CC7360]http://www.aep.com/
JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD JCKIDDER@AEP.COMmailto:JCKIDDER@AEP.COM | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Tayyab Saeed Sent: Thursday, April 12, 2018 4:55 PM To: openldap-technical@openldap.orgmailto:openldap-technical@openldap.org Subject: [EXTERNAL] exempt some users from OpenLDAP password policy
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If suspicious please forward to incidents@aep.commailto:incidents@aep.com for review.
________________________________ Dear All,
I have tried modifying pwdChangedTime & facing below error modifying entry "uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com" ldap_modify: Constraint violation (19) additional info: pwdChangedTime: no user modification allowed Thanks, Tayyab Saeed
