Different groups of users may be associated with different password
policies, and there is no limit to the number of password policies
that may be created.
+.P
+Note that some of the policies do not take effect when the operation
+is performed with the
+.B rootdn
+identity; all the operations, when performed with any other identity,
+may be subjected to constraints, like access control.
.SH CONFIGURATION
These
value accepted for
.B pwdAttribute
is
-.RI " userPassword ".
+.IR " userPassword ".
.LP
.RS 4
( 1.3.6.1.4.1.42.2.27.8.1.1
zero (0), used passwords will not be stored in
.B pwdHistory
and thus any previously-used password may be reused.
+No history checking occurs if the password is being modified by the
+.BR rootdn ,
+although the password is saved in the history.
.LP
.RS 4
( 1.3.6.1.4.1.42.2.27.8.1.4
.B pwdGraceUseTime
This attribute contains the list of timestamps of logins made after
the user password in the DN has expired. These post-expiration
-logins are known as
-.RI " "grace logins" ."
+logins are known as "\fIgrace logins\fP".
If too many
.I grace logins
have been used (please refer to the