Hi,

Yes, you can bypass the password policy. It's managed by the ipa_pwd_extop plugin. And you can exclude the admin user.

# ipa_pwd_extop.ldif
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
changetype: modify
add: passSyncManagersDNs
passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com

$ ldapmodify -f ipa_pwd_extop.ldif

You can apply the following query to confirm the result. The admin user will be listed under passSyncManagersDNs.

$ ldapsearch -LL -x -D 'cn=Directory Manager' -W -b "cn=ipa_pwd_extop,cn=plugins,cn=config"

You can get more info here:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#enabling-password-reset-in-idm-without-prompting-the-user-for-a-password-change-at-the-next-login_managing-user-passwords-in-idm

Vahit
--
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
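
To review which accounts end up exempt after a change like the one above, the check below parses the ldapsearch output and reports any passSyncManagersDNs value outside an approved list. It is an added example, not part of the original message; the sample output, the helpdesk-sync and passsync DNs, and the function names are constructed for illustration.

```python
import base64

# Constructed `ldapsearch -LL` output for the plugin entry (not real data); the
# second value is folded across two lines and the third is base64, as LDIF allows.
_B64 = base64.b64encode(b"uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com").decode()
SAMPLE_LDIF = (
    "version: 1\n\n"
    "dn: cn=ipa_pwd_extop,cn=plugins,cn=config\n"
    "cn: ipa_pwd_extop\n"
    "passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com\n"
    "passSyncManagersDNs: uid=helpdesk-sync,cn=users,cn=accounts,dc=example,\n"
    " dc=com\n"
    f"passSyncManagersDNs:: {_B64}\n"
)

def normalize(dn):
    """Lowercase and trim spaces around RDN separators (escaped commas not handled)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def unfold(ldif):
    """Join LDIF continuation lines: a line starting with one space continues the previous."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def sync_manager_dns(ldif, attr="passSyncManagersDNs"):
    """Return every value of `attr`, decoding 'attr:: <base64>' values."""
    dns = []
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        dns.append(normalize(value))
    return dns

def unexpected_managers(ldif, allowed):
    """DNs listed in the plugin entry that are not on the approved list."""
    approved = {normalize(dn) for dn in allowed}
    return sorted(dn for dn in sync_manager_dns(ldif) if dn not in approved)

if __name__ == "__main__":
    approved = ["uid=admin,cn=users,cn=accounts,dc=example,dc=com"]
    for dn in unexpected_managers(SAMPLE_LDIF, approved):
        print("not on approved list:", dn)
```
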