You also have the option of not specifying a default policy but I’m assuming that “no policy” is your exception use case and not what you want as the default.

 

JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD
JCKIDDER@AEP.COM | D:614.716.4970
1 RIVERSIDE PLAZA, COLUMBUS, OH 43215

 

From: Jon C Kidder
Sent: Friday, April 13, 2018 7:22 AM
To: 'Tayyab Saeed'; openldap-technical@openldap.org
Subject: RE: [EXTERNAL] exempt some users from OpenLDAP password policy

 

Once the ppolicy overlay is enabled all users will become subject to the default policy. You have 2 choices:

1. Make the default policy accommodate your less restrictive use case and apply a more restrictive policy to the users that need it.

2. Leave the default policy the more restrictive case, create a less restrictive policy for your “exception” use case and apply the less restrictive policy to users that need it.

The method you choose will be driven by which use case is the “rule” and which use case is the “exception”. In either case you apply distinct policies where needed by supplying the DN of the policy in the pwdPolicySubentry attribute of the user.

 


 

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Tayyab Saeed
Sent: Thursday, April 12, 2018 4:55 PM
To: openldap-technical@openldap.org
Subject: [EXTERNAL] exempt some users from OpenLDAP password policy

 



Dear All,

I have tried modifying pwdChangedTime and am facing the error below:

 modifying entry "uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com"
 ldap_modify: Constraint violation (19)
     additional info: pwdChangedTime: no user modification allowed

Thanks,

Tayyab Saeed
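
The per-user policy assignment described in the reply above (choice 2, a less restrictive "exception" policy selected through pwdPolicySubentry), written out as LDIF for ldapmodify. This is an added example, not part of the original thread: the policy DN, the ou=policies container (assumed to exist already) and every attribute value are constructed for illustration; only the user DN is taken from the question.

```ldif
# Added example: policy DN and all values below are constructed.
# A separate, less restrictive policy entry for the "exception" accounts.
dn: cn=exception,ou=policies,dc=mydomain,dc=com
changetype: add
objectClass: organizationalRole
objectClass: pwdPolicy
cn: exception
pwdAttribute: userPassword
# 0 means passwords under this policy never expire
pwdMaxAge: 0
# Compensate for the missing expiry with a longer minimum length
pwdMinLength: 16
# Keep lockout on even for exempted accounts
pwdLockout: TRUE
pwdMaxFailure: 10

# Point one user at the exception policy instead of the default policy.
dn: uid=test1,ou=ITSupport,ou=people,dc=mydomain,dc=com
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: cn=exception,ou=policies,dc=mydomain,dc=com
```

pwdPolicySubentry is an operational attribute, so a search has to request it by name to show which entries carry an override; a periodic search for entries where it is set gives a list of every account that is outside the default policy.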