After upgrading from 389 version 1.2.11.15-33.el6_5.x86_64 to
1.2.11.15-97.el6_10.x86_64, we're finding that the Directory Manager
account can bypass configured password policies and set user passwords to
anything. I believe this is now by design, but is there a configuration
file flag to revert to the previous behavior where Directory Manager needed
to conform to the password policy?
If not, how do we create a user account in 389 ldap server with rights to
check and update user password hashes, and still enforce configured
password policies?
Please advise