Hello,I have a question related to rootdn and password policy.I understand that the rootdn can bypass all restrictions.We have a requirement to bypass a password policy for the admin user.Is there a way to create the admin user so that this user can have the same privilege as rootdn and I don't need to bind as rootdn in my application?Currently I have granted the following to the admin_user:======dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcAccess olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=abcdomain,dc=com" write by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write by * none olcAccess: {1}to * by self write by dn.base="cn=Manager,dc=abcdomain,dc=com" write by dn.base="uid=admin_user,ou=Service Accounts,dc=abcdomain,dc=com" write by * readAny help would be appreciated.
I have done some tests today, I did not find a solution.
I tried to give the "manage" right to a service account, and then use the relax or ManageDSAIT controls to force the change of a password which is too short, it is always rejected. The modification is only accepted if it is done by rootdn.
-- Clément Oudot | Identity Solutions Manager clement.oudot@worteks.com Worteks | https://www.worteks.com