
PasswordMustChange flag is reset even if the SiteMinder Password Services password change fails with AD integration turned on.


Article ID: 53236




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



This occurs with SiteMinder Policy Server 6.0-SP5-CR-22 on Windows Server 2003, with Active Directory 2003 (AD namespace) as the user store and Enhanced Active Directory Integration turned on. When a user flagged "User Must Change Password at Next Logon" changes their password and the new password does not meet the complexity requirements of the directory, the password change fails. However, the "User Must Change Password at Next Logon" flag (pwdLastSet attribute) is still reset, allowing the user to authenticate successfully with the old password at the next login.

NOTE: The same problem is also encountered when the password is expired and the password change fails.


The issue has been fixed in SiteMinder Policy Server version 6.0-SP5-CR25 via CQ-79852.
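To find accounts that may already have been affected, the sketch below (an added example, not code from the vendor or from this article) flags users whose pwdLastSet was rewritten later than the last write to unicodePwd, meaning the must-change flag or expiry clock was reset while the old password stayed in place. It assumes you have exported, per user, the pwdLastSet value and the last-write times of both attributes from AD replication metadata; the field names `pwdLastSet_written` and `unicodePwd_written` and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

def to_filetime(dt):
    """datetime -> AD FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    """AD FILETIME -> timezone-aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def reset_without_change(rec, slack=timedelta(seconds=5)):
    """True when pwdLastSet was written after the last unicodePwd write,
    i.e. the flag/expiry clock was reset but no new password was stored."""
    if rec["pwdLastSet"] == 0:  # 0 = must change at next logon, still enforced
        return False
    return rec["pwdLastSet_written"] - rec["unicodePwd_written"] > slack

def audit(records):
    """Return (user, time pwdLastSet now claims) for each suspect account."""
    return [(r["user"], from_filetime(r["pwdLastSet"]))
            for r in records if reset_without_change(r)]

# Constructed sample records (hypothetical export format, not real data).
SAMPLE = [
    # Successful change: both attributes written in the same operation.
    {"user": "alice", "pwdLastSet": to_filetime(utc(2024, 3, 1, 9, 0)),
     "pwdLastSet_written": utc(2024, 3, 1, 9, 0),
     "unicodePwd_written": utc(2024, 3, 1, 9, 0)},
    # Flag set by an administrator and still pending.
    {"user": "bob", "pwdLastSet": 0,
     "pwdLastSet_written": utc(2024, 3, 2, 8, 0),
     "unicodePwd_written": utc(2023, 11, 5, 10, 0)},
    # Failed change, yet pwdLastSet was reset: the condition described above.
    {"user": "carol", "pwdLastSet": to_filetime(utc(2024, 3, 3, 14, 30)),
     "pwdLastSet_written": utc(2024, 3, 3, 14, 30),
     "unicodePwd_written": utc(2023, 12, 1, 7, 0)},
]

if __name__ == "__main__":
    for user, when in audit(SAMPLE):
        print(f"{user}: pwdLastSet reset to {when:%Y-%m-%d %H:%M} UTC, no password write")
```

An administrator deliberately clearing the flag produces the same pattern, so treat hits as candidates to correlate with failed password-change events rather than as confirmed cases.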


Component: SMPLC