Administrative password change does not respect password policy
    
    When Directory Manager or a PassSync agent is changing a password,
    it is not being expired, but standard expiration time should apply.
    However, default expiration time was always applied (90 days)
    even though administrator may have a custom policy for the user.
    
    https://fedorahosted.org/freeipa/ticket/3968