4006 PASSWORD_BADPASSWORD LDAP: error code 50 - 00000005

Anatoliy 228

Aug 13, 2025, 1:14:07 PM
to pwm-general

Hi, 

I was able to set up the PWM 2.0.8 docker container along with a PostgreSQL docker container.

I managed to (as I think) configure everything correctly with my AD on a Windows Server 2008 R2 and a TOTP verification for password reset. 

 

When trying to reset a forgotten password I get  

"{ 4006 PASSWORD_BADPASSWORD (error setting password for user 'CN=User,OU=IT,OU=business,DC=enterprise,DC=domain,DC=local (default)'' javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A11CC, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 

]) }" 

 

I suspected this is a problem of my password policy on the AD, but when resetting the same password from the AD directly it works.  

 

The proxy user has been granted all the permissions following these steps:  

  • Right-click in users OU > Delegate Control. 

  • Add PWM_Proxy (proxy user) > Create custom task > User objects > Property-specific.

  • Select all the permissions (including ldif imported ones). 

The only attribute that is not on my AD’s list is objectClass.

 

The User container DN I selected is: OU=business,DC=enterprise,DC=domain,DC=local; it contains all the OUs with users.

 

This only happens when resetting a forgotten password; when I try to change a password after logging in to PWM with a user, it works correctly.

 

Has anybody found a solution to this problem? 

 

Thank you in advance. 

Anatoliy 228

Aug 18, 2025, 3:06:51 AM
to pwm-general
The problem was solved by adding the proxy user to the administrators group.
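
Added example, not part of the original posts and not PWM code: a small Python parser for the Active Directory error text quoted in the first message, separating an access-rights failure on the account PWM binds as (LDAP result 50, Win32 0x5) from a password-policy rejection (LDAP result 19, Win32 0x52D). The function names and the policy sample are constructed for illustration.

```python
import re

# Head of the AD extended error: "LDAP: error code <n> - <win32 hex>: <class>: DSID-<id>"
HEAD = re.compile(r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
                  r"(?P<cls>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+)")
# Detail part, which may sit on the same line or on a continuation line.
PROBLEM = re.compile(r"problem (?P<num>\d+) \((?P<name>\w+)\), data (?P<data>-?\w+)")

# LDAP result codes (RFC 4511) and Win32 codes relevant to a password write.
LDAP_RESULT = {19: "constraintViolation", 50: "insufficientAccessRights"}
WIN32 = {0x5: "ERROR_ACCESS_DENIED", 0x52D: "ERROR_PASSWORD_RESTRICTION"}


def parse_ad_error(message):
    """Return the fields of the AD error embedded in a PWM error string, or None."""
    head = HEAD.search(message)
    if head is None:
        return None
    ldap, win32 = int(head["ldap"]), int(head["win32"], 16)
    out = {"ldap_code": ldap, "ldap_name": LDAP_RESULT.get(ldap, "unknown"),
           "win32_code": win32, "win32_name": WIN32.get(win32, "unknown"),
           "error_class": head["cls"], "dsid": head["dsid"],
           "problem": None, "problem_name": None, "data": None}
    prob = PROBLEM.search(message, head.end())
    if prob is not None:
        out.update(problem=int(prob["num"]), problem_name=prob["name"],
                   data=prob["data"])
    return out


def triage(message):
    """Classify the failure: rights of the bind account, password policy, or other."""
    err = parse_ad_error(message)
    if err is None:
        return "no-ad-error"
    if err["ldap_code"] == 50:
        return "access-denied"    # the directory refused the write for this account
    if err["ldap_code"] == 19 and err["win32_code"] == 0x52D:
        return "password-policy"  # the new value was rejected by domain policy
    return "other"


# Error text quoted in the first message of this thread.
THREAD_ERROR = ("javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: "
                "SecErr: DSID-031A11CC, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0")
# Constructed policy-rejection sample for contrast; the DSID is a placeholder.
POLICY_SAMPLE = ("[LDAP: error code 19 - 0000052D: AtrErr: DSID-00000000, #1:\n"
                 "\t0: 0000052D: DSID-00000000, problem 1005 (CONSTRAINT_ATT_TYPE), data 0")

if __name__ == "__main__":
    print(triage(THREAD_ERROR), parse_ad_error(THREAD_ERROR))
    print(triage(POLICY_SAMPLE))
```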
