Per-user or per-group password policy in OD?

Howdy all: I've been scratching my head over this one - it seems as if there's an ability in Open Directory to set password policy, but it sets it globally. I want to maintain two separate password policies - one for Joe Sixpack User and one for a group of admins (the admins need to have a shorter password expiration window and must have stronger password checking enforced). Is there any simple way to do this in OD? I can't find anything in WGM that would be applicable and I'm heartily hoping I don't have to edit the LDAP entries by hand. Thanks.