You can change the default password policy by setting server properties with the dsconf command.
Before completing this procedure, read and complete the Worksheet for Defining Password Policy.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Translate the settings from your worksheet into dsconf command property settings.
Use the dsconf set-server-prop command to change default password policy properties appropriately.
For example, the following command allows the Directory Manager to violate the default policy when modifying passwords:
$ dsconf set-server-prop -h host -p port pwd-root-dn-bypass-enabled:on |
The following command enables the policy that requires changing the password after a reset:
# dsconf set-server-prop -p 20390 pwd-must-change-enabled:on |