Le 13/04/2020 à 19:34, Hannah Chenh a écrit :
Hello, I have a question related to rootdn and password policy. I understand that the rootdn can bypass all restrictions. We have a requirement to bypass a password policy for the admin user. Is there a way to create the admin user so that this user can have the same privilege as rootdn and I don't need to bind as rootdn in my application? Currently I have granted the following to the admin_user: === dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcAccess olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=abcdomain,dc=com" write by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write by * none olcAccess: {1}to * by self write by dn.base="cn=Manager,dc=abcdomain,dc=com" write by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write by * read
=== Any help would be appreciated.
I have done some tests today, I did not find a solution.
I tried to give the "manage" right to a service account, and then use the relax or ManageDSAIT controls to force the change of a password which is too short, it is always rejected. The modification is only accepted if it is done by rootdn.