Rather than a user automatically inheriting the default password policy, you can assign
a user to a particular password policy by including the
ds-pwp-password-policy-dn
operational attribute in that user’s entry
with a value equal to the distinguished name (DN) of the desired password policy for
that user. This operational attribute is explicitly included in a user’s entry, or
generated by a virtual attribute, which makes it easy to apply a custom password policy
to a set of users based on a flexible set of criteria.