Add a so-called "Password Administrators" role to Red Hat Directory Server 9

Solution Verified - Updated -


  • When "user must change pw after reset" is enabled, this is only valid if the "Directory Manager" resets this password. When a different user changes the password, the "reset enforcing" is not activated?
  • If users are required to reset their password, only the Directory Manager is authorized to reset the user's password. A regular administrative user cannot force the users to update their password.
  • I found the same box in RHDir9.1 documentation. Is this really still a problem? My 389 does not have this problem anymore.
  • Can you please check if this will be fixed in RHDir8, is fixed in RHDir9 or will be fixed in RHDir9?
  • Password Policy "user must change pw after reset" unusable in RHDIR8
  • Previously only the root DN (e.g. cn=Directory Manager) was allowed to do certain password operations. Such operations included resetting user passwords (forcing the user to reset the password on the next login), changing a user's password to a different storage scheme that is defined in the policy, and adding already hashed passwords.
  • They have to implement it due to security policy. Auditing will check if this has been done. Now directory administrators can define a user, or a group of users, who are "Password Administrators", for example helpdesk employees.


  • Red Hat Directory Server (RHDS)
