Self Service Password Reset 4.4
eDirectory is the LDAP server on the backend of SSPR
When attempting to change the password for a user that has an expired password the following errors are receive in the Self Service Password Reset log file.
unable to authenticate with password read from directory, check proxy rights, ldap logs; error: 4006 PASSWORD_BADPASSWORD (unable to create connection: unable to bind to ldaps://22.214.171.124:636 as cn=user1,ou=TestOU,o=TestO reason: [LDAP: error code 49 - NDS error: bad password (-222)])) [126.96.36.199]
With eDirectory on the backend of SSPR, You must have grace logins remaining to be able to change the password through SSPR when the password is expired.
Increase the Grace Logins in the Password Policy assigned to the user.
See Technical Information Document 7018114 - SSPR Users locked after Grace Logins Expire, for more information.
Out of Grace Logins for the user account.