Good afternoon, Tell me how to exclude the user's "search" from thesecurity policies

The user is located in the ou =users

Ou=policy also located in ou=users

The reason that I need to exclude the user, is that when I set the pwdMaxAge and pwdGraceAuthNLimit.

I can not log into the application at any login. In the openldap logs have a message

bdb_dn2entry("uid=search,ou=users,ou=db")

bdb_entry_get: rc=0

ppolicy_bind: Entry uid=search,ou=users,ou=db has an expired password: -39 grace logins

send_ldap_response: msgid=1 tag=97 err=49

ber_flush2: 52 bytes to sd 13

tls_write: want=73, written=73

0000: 17 03 01 00 44 c3 ec 7b f6 fb 12 85 2d 87 57 6c ....D..{....-.Wl

0010: 6c 8c 36 ec 6f d3 39 1d 91 4b 1a db 53 d6 99 0e l.6.o.9..K..S...

0020: e8 94 85 93 b0 9a 3e 38 18 ab 00 fc 0f 3f d6 b4 ......>8.....?..

0030: 39 a8 2d 8f 84 7f 46 09 90 cf 1d d2 28 a3 6e eb 9.-...F.....(.n.

0040: e8 ac f0 ad 66 44 7b 4f 47 ....fD{OG

ldap_write: want=52, written=52

0000: 30 32 02 01 01 61 07 0a 01 31 04 00 04 00 a0 24 02...a...1.....$

0010: 30 22 04 19 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 0"..1.3.6.1.4.1.

0020: 34 32 2e 32 2e 32 37 2e 38 2e 35 2e 31 04 05 30 42.2.27.8.5.1..0

0030: 03 81 01 00 ....

conn=1 op=0 RESULT tag=97 err=49 text=

If I set pwdGraceAuthNLimit to 100. I'm able to login into the application. I can not change password for user "search" :-(

Thank you

------------------------------------------------------------------------------- С уважением, Алексей Шалин

Системный Администратор Отдел системного администрирования

ЗАО "Межбанковский процессинговый центр" 720083, Кыргызская Республика г. Бишкек, ул. Ауэзова 1/2 тел.: +996 (312) 637738 (вн. 138) факс: +996 (312) 637748 e-mail: a.shalin@ipc.kg