Assign access rights to the non-root admin user.
Non-root users, such as uid=admin
, with admin right privileges require
access control permission to interact with certain password policy operational
attributes when using the manage-account tool.
For example, the presence of the ds-pwp-account-disabled
operational
attribute in an entry determines that the entry is disabled. If the non-root admin user
does not have the access privilege to read or interact with the
ds-pwp-account-disabled
operational attribute, the
manage-account tool might report that the account is active. An
account is considered active if the ds-pwp-account-disabled
operational
attribute does not exist in the entry or if the admin user does not have permission to
see it.