Using the GUI support via Sun Java System Server Console is convenient. However, one does not have such luxury in a tightly-controlled environment.
How do you proceed then? Well, ldapsearch/ldapmodify CLI is your friend.
bash-3.00# ldapsearch -p 389 -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" objectclass=*
Enter bind password:version: 1dn: cn=Password Policy,cn=configobjectClass: topobjectClass: passwordPolicycn: Password PolicypasswordInHistory: 0passwordStorageScheme: SSHApasswordUnlock: onpasswordMustChange: offpasswordNonRootMayResetUserpwd: offpasswordWarning: 86400passwordExpireWithoutWarning: onpasswordLockout: offpasswordMinLength: 6passwordMaxFailure: 3passwordMaxAge: 8640000passwordResetFailureCount: 600passwordisglobalpolicy: offpasswordChange: onpasswordExp: offpasswordLockoutDuration: 3600passwordCheckSyntax: offpasswordMinAge: 0passwordRootdnMayBypassModsChecks: off
Note: The global password policy applies to all users in the directory who do not have an individual policy defined. However, the global password policy does not apply to the Directory Manager. Read more here.