The Directory Server provides a global configuration
disable-password-policy-evaluation) that can be used to disable
most password policy evaluation processing. This provides a convenience for those production
environments that do not require password policy support. If the
disable-password-policy property is set to true, passwords will still be
encoded and evaluated, but only account expiration and account disabling will be in effect.
All other password policy properties, such as password expiration, lockout, and force change
on add or reset, are ignored.
The server also supports the use of a
bypass-pw-policy privilege, which can
be used to skip password policy evaluation for operations on a per-user basis. If a user has
this privilege, then they will be allowed to perform operations on user entries that would
normally be rejected by the password policy associated with the target entry. Note that this
privilege will not have any effect for bind operations.