PASSWORD_BADPASSWORD

16 views
Skip to first unread message

Grand Lac

unread,
Aug 21, 2025, 10:17:04 AMAug 21
to pwm-general

Hello,

I installed PWM on Debian 13 with Tomcat 9.
I can successfully access the PWM web interface and connect it to my Active Directory (LDAP).
Everything looks fine so far. However, when I log in with a user account and try to reset the password, I get the following error:

I read on the Google group that it is better to use the local password policy rather than LDAP when working with Microsoft Active Directory.

So, I replicated the settings from my domain password policy into the PWM local policy, but it still doesn’t work.

I would also like to mention that I don’t use a remote database — everything is stored in LDAP. Therefore, I replaced the default attributes with the following ones:


pwmData = extensionAttribute10

pwmGUID = extensionAttribute11

pwmResponseset = extensionAttribute12

pwmotpSecret = extensionAttribute13

pwmLastPwdUpdate = extensionAttribute14

Thank you in advance for your help.

Capture d’écran 2025-08-21 161601.png

Grand Lac

unread,
Aug 21, 2025, 10:18:10 AMAug 21
to pwm-general
  { 4006 PASSWORD_BADPASSWORD (error setting password for user 'CN=testgpo5,OU=Utilisateurs,OU=Comptes,OU=GrandLac,DC=CCLB,DC=local (default)'' com.novell.ldapchai.exception.ChaiPasswordPolicyException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000056: AtrErr: DSID-03190FC9, #1: 0: 00000056: DSID-03190FC9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) ]) }  

Jason Rivard

unread,
Aug 25, 2025, 6:27:34 PM (11 days ago) Aug 25
to pwm-general
Unfortunately, AD errors do not indicate the nature of the problem with the password value.  You'll need to modify your group policy and password object policies until it works to find out the issue.  The most common cause is minimum time between password changes.
Reply all
Reply to author
Forward
0 new messages