Error 5027 returned during change password

  • 7018483
  • 12-Jan-2017
  • 12-Jan-2017


SSPR Appliance


User navigates to the SSPR login page

Clicks the forgotten password link

The user is presented with their challenge answers

The user provides the correct answers

The server returns the error 5027 ERROR_UNAUTHORIZED


An enhancement request has been entered against SSPR to fix this condition (cast all LDAP specifiers to lower case), but due to time constraints it has not been fixed yet. Make sure to use the same case when configuring the LDAP specifiers: use all lower case or all upper case, i.e. (CN, DN, O, OU) or (cn, dn, o, ou).



The problem is due to the use of mixed character case between the SSPR LDAP settings.

In the setting password.allowChange.queryMatch the customer had the value of



This should be ok but in the setting ldap.rootContexts they had the value of



The problem is with the character case of the LDAP organization specifier. O=NOVELL vs o=NOVELL.

To resolve this issue, either change the root context value to o=NOVELL or change the queryMatch to O=NOVELL.
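
To catch this kind of mismatch before users hit error 5027, the DN values of the LDAP settings can be compared for specifier case. The following check is an added example, not part of SSPR or of the original article; it assumes each setting value is a plain DN string that has been copied out of the configuration by hand, and the sample values are constructed (only the O= versus o= difference comes from the case above).

```python
import re
from collections import defaultdict

# Split on ',' or '+' that is not preceded by a backslash,
# so escaped separators inside a value do not start a new RDN.
_RDN_SPLIT = re.compile(r"(?<!\\)[,+]")


def specifiers(dn):
    """Return the attribute-type specifiers (cn, ou, o, ...) of a DN, as written."""
    found = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, _value = rdn.partition("=")
        if sep and attr.strip():
            found.append(attr.strip())
    return found


def case_mismatches(settings):
    """Map each specifier written with more than one casing to
    {spelling: sorted names of the settings that use that spelling}."""
    seen = defaultdict(lambda: defaultdict(set))
    for name, values in settings.items():
        for dn in values:
            for attr in specifiers(dn):
                seen[attr.lower()][attr].add(name)
    return {
        key: {spelling: sorted(names) for spelling, names in spellings.items()}
        for key, spellings in seen.items()
        if len(spellings) > 1
    }


# Constructed sample values, not the customer's actual settings.
SAMPLE = {
    "ldap.rootContexts": ["O=NOVELL"],
    "password.allowChange.queryMatch": ["ou=users,o=NOVELL"],
}
# Same settings after changing the root context to lower case.
FIXED = dict(SAMPLE, **{"ldap.rootContexts": ["o=NOVELL"]})

if __name__ == "__main__":
    for key, spellings in case_mismatches(SAMPLE).items():
        for spelling, names in sorted(spellings.items()):
            print(f"specifier '{key}' written as '{spelling}' in: {', '.join(names)}")
```

An empty result means every specifier is written with one consistent case across the settings that were checked.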