We have a service desk account that I created in our LDAP that has the ability to add/delete/modify all our user accounts. Except that now that we have a password policy in place, it can no longer modify our user account passwords.

I have confirmed that the password changes that it is doing conform to our password policy, but every time it comes back with a constraint violation. But I can do anything with password changes as directory manager. One thing that I haven't confirmed is whether the accounts that they are trying to change are accounts that have expired.

So does anyone know, if an account is locked, can only directory manager change the password at that point? Or does anyone know what attributes I would need to have on my servicedesk account to allow it to change these passwords now? I don't want to give them directory manager if I can avoid it, but I need to find some way to let them override password policy!

Thanks,
EJ

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users