- Bug
- Resolution: Unresolved
- Minor
- rhel-9.2.0
Description of problem:
When the LDAP password policy extended operation is executed by the root DN against a regular user who is subject to password policy constraints, e.g. password history, it should skip the password policy checks: the root DN should be allowed to set a regular user's password to any value. Currently this is not the case.
The root DN can still modify the userPassword attribute directly via a regular modify operation, which can be used as a workaround of sorts; however, it does not play nicely with the various password policy flags and operational attributes, i.e. it can be done but requires more effort and essentially negates the functionality of the password policy extended operation.
Steps to Reproduce:
1. Have a password policy in place with a specific constraint, e.g. password history.
2. Using the ldappasswd tool, bind as the root DN and attempt to change a user's password to one that is already in the history (i.e. violate the password policy constraint).
Actual results:
Result: Constraint violation (19)
Additional info: Failed to update password
Expected results:
The root DN should be able to override the password policy constraints and change the user's password regardless.
Additional info:
It should probably apply to a password administrator user as well, if one is defined in the password policy configuration.
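As an added illustration (not code from the directory server, and not part of this bug report), the following Python model shows the behaviour the report asks for: a password-history check that applies to ordinary binders, with the root DN and any configured password administrators exempt from it. The DNs, the history size and the {SSHA} storage format are constructed assumptions for the example; the result code 19 and the "Failed to update password" message are the ones quoted above.

```python
import base64
import hashlib
import os
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

CONSTRAINT_VIOLATION = 19  # LDAP resultCode constraintViolation, as seen in the report
SUCCESS = 0

# Assumed root DN for the model (the real value depends on the deployment).
ROOT_DN = "cn=Directory Manager"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce an RFC 2307-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = salt if salt is not None else os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value using the salt it carries."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is the salt
    return hashlib.sha1(password.encode() + salt).digest() == digest


@dataclass
class PasswordPolicy:
    history_size: int = 3                                  # previous hashes retained per user
    password_admins: Set[str] = field(default_factory=set)  # DNs exempt from policy checks


@dataclass
class UserEntry:
    dn: str
    user_password: str                                   # current {SSHA} value
    password_history: List[str] = field(default_factory=list)


def violates_history(entry: UserEntry, new_password: str) -> bool:
    """True if new_password equals the current password or any retained previous one."""
    candidates = [entry.user_password, *entry.password_history]
    return any(ssha_verify(new_password, h) for h in candidates)


def password_modify(binder_dn: str, entry: UserEntry, new_password: str,
                    policy: PasswordPolicy) -> Tuple[int, str]:
    """Model of the expected extended-operation behaviour: return (resultCode, message).

    Ordinary binders are subject to the history constraint; the root DN and
    configured password administrators skip it, as the report expects.
    """
    exempt = binder_dn == ROOT_DN or binder_dn in policy.password_admins
    if not exempt and violates_history(entry, new_password):
        return CONSTRAINT_VIOLATION, "Failed to update password"
    # Rotate the old value into the bounded history, then store the new hash.
    entry.password_history = ([entry.user_password] + entry.password_history)[:policy.history_size]
    entry.user_password = ssha_hash(new_password)
    return SUCCESS, "Password updated"


if __name__ == "__main__":
    # Constructed sample data: one user with a history policy of size 3.
    policy = PasswordPolicy(history_size=3)
    alice = UserEntry("uid=alice,ou=people,dc=example,dc=com", ssha_hash("OldPass1!"))
    print(password_modify(alice.dn, alice, "NewPass2!", policy))          # (0, ...)
    print(password_modify(alice.dn, alice, "OldPass1!", policy))          # (19, ...) reuse by the user
    print(password_modify(ROOT_DN, alice, "OldPass1!", policy))           # (0, ...) root DN is exempt
```

The model keeps the exemption decision in one place, which is the property a practitioner would want to verify on a real server: a self-service change that reuses a password in history must fail with result 19, while the same change performed by the root DN or a password administrator must succeed.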