Hello Team,

I have configured the password policy on LDAP to store the last 5 passwords in history.

Effective password policy for XYZ user

The effective password policy is calculated based on the following entries:
cn=scbgroup,CN=IBMPOLICIES
cn=pwdpolicy,cn=ibmpolicies

The effective password policy is:
ibm-pwdPolicyStartTime=20210302095312.046897Z
pwdInHistory=5
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=0
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=3888000
pwdMinAge=0
pwdExpireWarning=0
pwdMinLength=8
passwordMinAlphaChars=1
passwordMinOtherChars=1
passwordMinDiffChars=0
ibm-pwdPolicy=true
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=false
pwdSafeModify=false
ibm-pwdGroupAndIndividualEnabled=true

From pdadmin utility, if we try to change the password with the same password then its throws the error i.e policy violation
> user modify XYZ password Passw0rd@1
Could not perform the administration request
Error: HPDIA0300W Password rejected due to policy violation. (status 0x1321212c)

but when I try to change the password from infoMap with the changePassword(oldPassword,newPassword) method from com.ibm.security.access.user.User Class. then password policy is not enforced.

why the password policy is not enforced if we change the password from infoMap?

can anyone help me with the same?

------------------------------
Mukesh
------------------------------