You have CA Directory Password Policy enabled and several password rules are defined. Attempting to add a new user (ldapadd) or to modify (ldapmodify) an existing user's userPassword attribute value results in:
Constraint violation (19)
additional info: Cannot store encoded password when password policy enabled
Chances are, your userPassword value is already encrypted (HASHED).
This is working as designed and is expected. When CA Directory Password Policy is enabled and effective, the DSA cannot determine password quality when presented with a HASHED (i.e. already encrypted) version of the password value.
For example, if adding or modifying a user via LDIF, you may have something like the following:
dn: cn=Craig LINK,ou=Administration,ou=Corporate,o=democorp,c=au
postalAddress: 83 Venton Road$Hobart TAS
telephoneNumber: 544 3697
title: Group Secretary
cn: Craig LINK
description: Product Distribution
With password policy enabled, the DSA expects the password to be in clear text so it can encrypt/hash the value on its own before storing it. The DSA cannot re-encrypt an already encrypted value (i.e. double encryption) for the 'userPassword' attribute. The solution is to use a clear text value.
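A pre-flight check for this situation, added here as an example and not taken from CA Directory or its documentation: it scans LDIF text for userPassword values that look already hashed, including base64-encoded (`userPassword::`) and folded values, so they can be replaced with clear text before ldapadd or ldapmodify is run. It assumes hashed values carry an RFC 2307-style `{SCHEME}` prefix; the function names and the sample entries are constructed for illustration.

```python
import base64
import re
# Assumption: a pre-hashed value starts with an RFC 2307-style "{SCHEME}" prefix.
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9][A-Za-z0-9._-]*\}")

def unfold(ldif_text):
    """Join LDIF continuation lines (lines that start with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_prehashed_passwords(ldif_text):
    """Return (dn, scheme) for each userPassword value that looks already hashed."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep or rest.startswith("<"):
            continue  # comment, malformed line, or URL-referenced value
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            try:
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                continue
        else:
            value = rest.strip()
        name = attr.split(";")[0].lower()
        match = SCHEME_RE.match(value)
        if name == "dn":
            dn = value
        elif name == "userpassword" and match:
            findings.append((dn, match.group(0)))
    return findings

# Constructed sample input: placeholder digests, not real hashes.
SAMPLE = (
    "dn: cn=User One,o=example\n"
    "userPassword: {SSHA}Q09OU1RSVUNURUQt\n"
    " RElHRVNU\n\n"  # folded continuation line, then entry separator
    "dn: cn=User Two,o=example\n"
    "userPassword:: " + base64.b64encode(b"{SHA}constructed").decode() + "\n\n"
    "dn: cn=User Three,o=example\nuserPassword: clear-text-value\n"
)
```

Calling `find_prehashed_passwords(SAMPLE)` reports the first two entries and leaves the clear text one alone.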