PasswordMustChange flag is reset even if the SiteMinder Password Services password change fails with AD integration turned on.

Document ID : KB000053236
Last Modified Date : 14/02/2018

Description:

This occurs with SiteMinder Policy Server 6.0-Sp5-CR-22 on Windows Server 2003, using Active Directory 2003 (AD namespace) as the User Store with Enhanced Active Directory Integration turned on. When a user is forced to change their password (User Must Change Password at Next Login) and the new password does not meet the complexity requirements of the directory, the password change fails. However, the "User Must Change Password at next logon" flag (pwdLastSet attribute) is still reset, which allows the user to authenticate successfully with the old password at the next login.

NOTE: The same problem is also encountered when the password has expired and the password change fails.

Solution:

The issue has been fixed in SiteMinder Policy Server version 6.0-SP5-CR25 via CQ-79852.
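
One way to audit a directory for accounts left in the state described above, as an added example that is not the vendor's code or part of the original article. It assumes each user's pwdLastSet and msDS-ReplAttributeMetaData values have been exported from Active Directory, and it flags users whose pwdLastSet was written after unicodePwd while no forced change is pending; the user names and timestamps are constructed sample data.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

def _meta(xml_values):
    """Map attribute name -> last originating change time (UTC)."""
    out = {}
    for raw in xml_values:
        node = ET.fromstring(raw.strip("\x00 \r\n"))
        stamp = node.findtext("ftimeLastOriginatingChange")
        out[node.findtext("pszAttributeName")] = datetime.strptime(
            stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return out

def flag_reset_without_change(account):
    """True when no forced change is pending (pwdLastSet != 0) although
    pwdLastSet was written later than unicodePwd: the flag moved, the
    password did not."""
    if int(account["pwdLastSet"]) == 0:
        return False  # "must change at next logon" is still in force
    meta = _meta(account["msDS-ReplAttributeMetaData"])
    flag_time, pwd_time = meta.get("pwdLastSet"), meta.get("unicodePwd")
    if flag_time is None or pwd_time is None:
        return False  # metadata incomplete, cannot decide
    return flag_time > pwd_time

def audit(accounts):
    """Return the sAMAccountName of every account that needs review."""
    return [a["sAMAccountName"] for a in accounts if flag_reset_without_change(a)]

def _entry(attr, stamp):
    # Constructed value, trimmed to the two elements this check reads.
    return ("<DS_REPL_ATTR_META_DATA><pszAttributeName>%s</pszAttributeName>"
            "<ftimeLastOriginatingChange>%s</ftimeLastOriginatingChange>"
            "</DS_REPL_ATTR_META_DATA>" % (attr, stamp))

# Constructed sample export (hypothetical users and timestamps).
SAMPLE = [
    {"sAMAccountName": "alice", "pwdLastSet": "129120480000000000",  # real change
     "msDS-ReplAttributeMetaData": [_entry("unicodePwd", "2010-03-02T09:15:00Z"),
                                    _entry("pwdLastSet", "2010-03-02T09:15:00Z")]},
    {"sAMAccountName": "bob", "pwdLastSet": "129125664000000000",    # flag reset only
     "msDS-ReplAttributeMetaData": [_entry("unicodePwd", "2009-11-20T14:00:00Z"),
                                    _entry("pwdLastSet", "2010-03-08T10:30:00Z")]},
    {"sAMAccountName": "carol", "pwdLastSet": "0",                   # change pending
     "msDS-ReplAttributeMetaData": [_entry("unicodePwd", "2009-12-01T08:00:00Z"),
                                    _entry("pwdLastSet", "2010-03-09T11:00:00Z")]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An administrator who clears the "must change" checkbox by hand produces the same pattern, so each hit should be correlated with a failed Password Services change before it is treated as an instance of this defect.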