Non-root users (e.g., uid=admin) with administrative privileges require access control permission to interact with certain password policy operational attributes when using the manage-account tool.
For example, the presence of the ds-pwp-account-disabled operational attribute in an entry indicates that the entry is disabled. If the non-root admin user does not have the access privilege to read or interact with the ds-pwp-account-disabled operational attribute, the manage-account tool may report that the account is active. An account is considered active if the ds-pwp-account-disabled operational attribute does not exist in the entry or if the admin user does not have permission to see it.
Use the following procedure to give access rights to the non-root admin user.