Description:

When a user is on change password page and enters invalid current password then he is redirected to the login page. If DisallowForceLogin registry key is set to 1 then the user is redirected to the change password page with a message stating that the current password is incorrect.

However, when the user directory is AD and DisallowForceLogin registry key is set to 0 still user who enters invalid current password in the change password page is redirected to the change password page with the message stating that the current password is incorrect.

I want the users to be redirected to login page instead of change password page when the user enters invalid current password in the change password page.

Solution:

Set the registry key HKLM\Software\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider\EnableSaslBind to 0 to fix the issue.

More information on the SASL protocol can be found a in the following RFC: http://www.ietf.org/rfc/rfc2222.txt?number=2222.