The internal suffix cn=config is not really designed to have a global
password policy applied to it.
A replication manager usually does not have a password policy.
If it is required to have some special DNs with a password policy, they
should be in a different suffix.
Thanks,
M.
On Thu, Feb 27,
> On 27 Feb 2020, at 00:04, Eugen Lamers wrote:
>
> Hi,
> we have set up a multi master replication (two peers, SIMPLE authentication)
> and added a global password policy to cn=config. We included the
> passwordMustChange attribute to cn=config, which led to the fact that the
> server
