PASSWORD_BADPASSWORD

[Grand Lac]

Hello,

I installed PWM on Debian 13 with Tomcat 9.
I can successfully access the PWM web interface and connect it to my Active Directory (LDAP).
Everything looks fine so far. However, when I log in with a user account and try to reset the password, I get the following error:

I read on the Google group that it is better to use the local password policy rather than LDAP when working with Microsoft Active Directory.

So, I replicated the settings from my domain password policy into the PWM local policy, but it still doesn’t work.

I would also like to mention that I don’t use a remote database — everything is stored in LDAP. Therefore, I replaced the default attributes with the following ones:

pwmData = extensionAttribute10

pwmGUID = extensionAttribute11

pwmResponseset = extensionAttribute12

pwmotpSecret = extensionAttribute13

pwmLastPwdUpdate = extensionAttribute14

Thank you in advance for your help.

[Grand Lac]

  { 4006 PASSWORD_BADPASSWORD (error setting password for user 'CN=testgpo5,OU=Utilisateurs,OU=Comptes,OU=GrandLac,DC=CCLB,DC=local (default)'' com.novell.ldapchai.exception.ChaiPasswordPolicyException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000056: AtrErr: DSID-03190FC9, #1: 0: 00000056: DSID-03190FC9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) ]) }  

[Jason Rivard]

Unfortunately, AD errors do not indicate the nature of the problem with the password value.  You'll need to modify your group policy and password object policies until it works to find out the issue.  The most common cause is minimum time between password changes.