The Directory Server provides a global configuration property (disable-password-policy-evaluation) that can be used to disable most password policy evaluation processing. This provides a convenience for those production environments that do not require password policy support. If the disable-password-policy property is set to true, passwords will still be encoded and evaluated, but only account expiration and account disabling will be in effect. All other password policy properties, such as password expiration, lockout, and force change on add or reset, are ignored.

The server also supports the use of a bypass-pw-policy privilege, which can be used to skip password policy evaluation for operations on a per-user basis. If a user has this privilege, then they will be allowed to perform operations on user entries that would normally be rejected by the password policy associated with the target entry. Note that this privilege will not have any effect for bind operations.