Issue:
When a user is forced to change his password. He is redirected to the change password page. Once submit old/new password we are getting the following errors in the policy server traces:
[03/14/2017][14:37:18.115][14:37:18][2284][2984][plugin_AD.cpp:451][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00880] (SetUserProp) DN: 'xxyyzz', PropName: 'unicodePwd', PropValue: '****' . Status: Error 19 . Constraint Violation][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
Environment:
Policy Server Version: 12.51; Update: 00.00; Build: 905; CR: 00; on Windows 2008 R2
Cause:
Enhanced AD integration is enabled, which means that the AD password policy was being applied to the user. There was no password policy defined for the User Directory in Siteminder.
In AD Policy, the minimum password age was set to 1 day which, in this case, did not permit the password change as the password was not older than 1 day.
Resolution:
You have to modify AD password policy as per your needs as product is working as designed and trust AD to manage password change (Enhanced AD integration is enabled)
Additional Information:
If there are other constraints on the AD policy you may have the same error message and users will not be able to change their password.
KD: TEC1730092