Eu consegui trabalhar fazendo o seguinte sequencialmente:
Primeiramente, adicione o atributo attributeType
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.782
NAME 'passwordNonRootMayResetUserpwd'
DESC 'Sun ONE defined password policy attribute type'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-DS-USE 'internal'
X-ORIGIN 'Sun ONE Directory Server' )
Por fim, associe o atributo attributeType à objectClass
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.6 NAME 'passwordPolicy'
SUP top STRUCTURAL MUST cn MAY ( description $ passwordMaxAge
$ passwordExp $ passwordMinLength $ passwordInHistory
$ passwordChange $ passwordWarning $ passwordLockout
$ passwordMaxFailure $ passwordResetDuration
$ passwordUnlock $ passwordLockoutDuration
$ passwordCheckSyntax $ passwordMustChange
$ passwordStorageScheme $ passwordMinAge
$ passwordResetFailureCount $ passwordExpireWithoutWarning
$ passwordRootdnMayBypassModsChecks $ passwordNonRootMayResetUserpwd ) )
Disparar esses dois arquivos LDIF separados e invocar ldapmodify