The Directory Server provides a global configuration property (disable-password-policy-evaluation) that disables most password policy evaluation processing, which is convenient for production environments that do not require password policy support. If the disable-password-policy-evaluation property is set to true, passwords are still encoded and evaluated, but only account expiration and account disabling are in effect. All other password policy properties, such as password expiration, lockout, and force change on add or reset, are ignored.

The server also supports the use of a bypass-pw-policy privilege, which can skip password policy evaluation for operations on a per-user basis. If a user has this privilege, then they are allowed to perform operations on user entries that would normally be rejected by the password policy associated with the target entry.


This privilege does not have any effect for bind operations.
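Because an account with bypass-pw-policy can make changes to user entries that the password policy would otherwise reject, it is worth reviewing who holds it. The following is an added example, not code from the product or its documentation: it scans an LDIF export for entries that explicitly carry the privilege. It assumes privileges are stored in the ds-privilege-name attribute of the user entry; the sample entries and DNs are constructed, and privileges granted some other way are not seen by this check.

```python
import base64

PRIVILEGE = "bypass-pw-policy"    # privilege name from the text above
PRIV_ATTR = "ds-privilege-name"   # assumption: attribute that holds privileges

# Constructed sample export; every DN and entry here is made up.
SAMPLE_LDIF = """\
dn: uid=helpdesk,ou=People,dc=example,dc=com
ds-privilege-name: bypass-pw-policy

dn: uid=jdoe,ou=People,dc=example,dc=com
ds-privilege-name: password-reset

dn: uid=sync-svc,ou=Applications,dc=example,dc=com
DS-Privilege-Name:: YnlwYXNzLXB3LXBvbGljeQ==

dn: uid=long-name-batch-loader,ou=Applications,
 dc=example,dc=com
ds-privilege-name: bypass-
 pw-policy
"""

def unfold(ldif_text):
    """Join folded LDIF lines (a continuation line starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def holders_of(ldif_text, privilege=PRIVILEGE):
    """Return the DNs of entries that explicitly hold the given privilege."""
    found, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None                      # a blank line ends the entry
        if line.startswith("#") or ":" not in line:
            continue                       # skip comments and blank lines
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == PRIV_ATTR and value.lower() == privilege and dn and dn not in found:
            found.append(dn)
    return found
```

Calling holders_of(SAMPLE_LDIF) returns the three constructed DNs that hold the privilege, including the base64-encoded and line-folded cases that a plain text search of the export would miss.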