Hello Hubert,
I use the ldapsearch command and we are able to see that the password is getting changed. Please see the below results:
Initially when the user is created:
dn: uid=xxxxx,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: ***
cn: xx ***
givenName: xx
userPassword: {SSHA256}H5xKfa44BrsVsAx89nM4M3SupyPASpQ8ZDPwXfD1on2cw7AVaYR/3w==
uid: xxxxx
After changePassword method:
dn: uid=xxxxx,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: ***
cn: xx ***
givenName: xx
userPassword: {SSHA256}SikTMlHunimSzz0xIu0nkuyhaFVmA+6QAuB7WL3Hngp7oRcc4jTe6g==
uid: xxxxx
I have some more logs to offer from Ping Directory server.
When we make a changePassword call it gives the below logs:
[25/Oct/2018:06:40:40.581 +0000] MODIFY RESULT instanceName="ds" threadID=11 conn=2 op=25 msgID=26 requesterIP="54.145.226.14" requesterDN="cn=Directory Manager,cn=Root DNs,cn=config" dn="uid=xxxxx,ou=People,dc=example,dc=com" resultCode=0 resultCodeName="Success" qtime=0 etime=2.166 usedPrivileges="bypass-acl,password-reset"
When we make a User Authenticate call there is the below error:
BIND RESULT instanceName="ds" threadID=11 conn=3 op=2 msgID=3 requesterIP="54.145.226.14" version="3" dn="uid=xxxxx,ou=People,dc=example,dc=com" authType="SIMPLE" resultCode=49 resultCodeName="Invalid Credentials" qtime=0 etime=40.395 authFailureID=9 authFailureReason="The provided password does not match any password in the user's entry. The account will be locked after 3 more failed attempt(s)" clientConnectionPolicy="default"
One more thing that I notice is when we create a new user, it is able to authenticate with the initial password but there are some logs in Ping Directory server where it is expecting "smapsbasedate" attribute to be created in Ping Directory for it to have Logs below:
[24/Oct/2018:13:04:41.767 +0000] MODIFY RESULT instanceName="ds" threadID=9 conn=12 op=33 msgID=34 requesterIP="54.174.135.114" requesterDN="cn=Directory Manager,cn=Root DNs,cn=config" dn="uid=xxxxx,ou=People,dc=example,dc=com" resultCode=65 resultCodeName="Object Class Violation" message="Entry 'uid=xxxxx,ou=People,dc=example,dc=com' cannot be modified because the resulting entry would have violated the server schema: Entry 'uid=xxxxx,ou=People,dc=example,dc=com' violates the Directory Server schema configuration because it includes attribute 'smapsbasedate' which is not allowed by any of the object classes defined in that entry" qtime=0 etime=0.629 usedPrivileges="bypass-acl"
I created the attribute but don't think this is an issue.
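To check whether the userPassword value stored after the change really corresponds to the password the application meant to set, the stored value can be verified offline; this is an added example, not part of the original post. It assumes the {SSHA256} payload is base64(SHA-256(password || salt) || salt), with the salt being the bytes that follow the 32-byte digest; the function names and the sample password are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 digest size in bytes


def parse_ssha256(stored):
    """Split a '{SSHA256}<base64>' value into (digest, salt)."""
    prefix, sep, payload = stored.strip().partition("}")
    if not sep or prefix.upper() != "{SSHA256":
        raise ValueError("not an {SSHA256} value")
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(raw) <= DIGEST_LEN:
        raise ValueError("payload too short to carry a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def make_ssha256(password, salt):
    """Encode a password under the assumed layout (used for the sample)."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha256(stored, candidate):
    """True if candidate hashes to the stored digest under the stored salt."""
    digest, salt = parse_ssha256(stored)
    computed = hashlib.sha256(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, computed)


if __name__ == "__main__":
    # Constructed sample: the value the directory would hold after the change.
    stored = make_ssha256("New-Passw0rd!", salt=bytes(range(8)))
    # The intended password next to a variant with a stray trailing newline.
    for candidate in ("New-Passw0rd!", "New-Passw0rd!\n"):
        print(repr(candidate), "->", verify_ssha256(stored, candidate))
```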