When trying to reset an ACF2 user's password in PAM, the following error message is seen:

PAM-CM-0758: Failed to synchronize password with target. If this problem persists then please ask your Administrator to investigate.

In the LDAP stderr file, the following error messages are seen:

LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(xxxxxxxx)
ACF6C113 - Password similarity checking active and old password cannot be determined

The user does have access to change the password and the password being entered is accepted within native ACF2. Why is the password not being changed through PAM?

Release : 15.0

Component : LDAP Server for z/OS

The ACF6C113 message indicates that PSWDSIM in the ACF2 GSO PSWD record is greater than 0. Use of PSWDSIM requires the ability to prompt for the user's old password. If a user attempts to change their password through any method where prompting is not possible, the command fails. Turning off password similarity checking by setting the PSWDSIM to 0 allows PAM to reset an ACF2 user's password.

For more information on PSWDSIM, see the ACF2 documentation for Password Maintenance and Support (PSWD):

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/administrating/administer-records/global-system-option-records-gso/password-maintenance-and-support-pswd.html