SSPR - 5026 Bad Password error Received Trying to Reset Password

  • 7024563
  • 15-Apr-2020
  • 15-Apr-2020

Environment

Self Service Password Reset 4.4
eDirectory is the LDAP server on the backend of SSPR

Situation

When attempting to change the password for a user whose password has expired, the following errors are received in the Self Service Password Reset log file.

5026 ERROR_BAD_SESSION_PASSWORD
unable to authenticate with password read from directory, check proxy rights, ldap logs; error: 4006 PASSWORD_BADPASSWORD (unable to create connection: unable to bind to ldaps://1.1.1.1:636 as cn=user1,ou=TestOU,o=TestO reason: [LDAP: error code 49 - NDS error: bad password (-222)])) [1.1.1.1]

Resolution

With eDirectory on the backend of SSPR, the user must have grace logins remaining to be able to change an expired password through SSPR.

Increase the Grace Logins in the Password Policy assigned to the user.

Cause

The user account is out of grace logins.
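
The following Python sketch is an added example, not part of the original article or of SSPR. It parses log lines shaped like the one in the Situation section and lists the bind DNs that match the 5026 / LDAP 49 / NDS -222 signature, so their grace logins can be checked. The function names are hypothetical, and the second sample line (user2, NDS -669) is constructed to show a non-matching failure.

```python
import re

# Patterns follow the layout of the log line quoted in the Situation section.
CODES = re.compile(r"\b(\d{4}) ([A-Z][A-Z_]+)\b")
BIND = re.compile(r"unable to bind to (\S+) as (.+?) reason:")
LDAP = re.compile(r"LDAP: error code (\d+) - NDS error: (.+?) \((-\d+)\)")

def parse_bind_failure(line):
    """Return the error chain of one SSPR log line, or None if it has no LDAP bind failure."""
    bind, ldap = BIND.search(line), LDAP.search(line)
    if not (bind and ldap):
        return None
    return {
        "sspr_codes": [int(code) for code, _name in CODES.findall(line)],
        "ldap_url": bind.group(1),
        "bind_dn": bind.group(2),
        "ldap_code": int(ldap.group(1)),
        "nds_text": ldap.group(2),
        "nds_code": int(ldap.group(3)),
    }

def matches_this_article(event):
    """True for the 5026 / LDAP 49 / NDS -222 signature documented above."""
    return (event is not None and 5026 in event["sspr_codes"]
            and event["ldap_code"] == 49 and event["nds_code"] == -222)

def accounts_to_check(lines):
    """Bind DNs whose grace logins should be reviewed, in first-seen order."""
    seen = []
    for line in lines:
        event = parse_bind_failure(line)
        if matches_this_article(event) and event["bind_dn"] not in seen:
            seen.append(event["bind_dn"])
    return seen

# Constructed sample: the two log lines from the article joined with a space.
ARTICLE_LINE = (
    "5026 ERROR_BAD_SESSION_PASSWORD unable to authenticate with password read "
    "from directory, check proxy rights, ldap logs; error: 4006 PASSWORD_BADPASSWORD "
    "(unable to create connection: unable to bind to ldaps://1.1.1.1:636 as "
    "cn=user1,ou=TestOU,o=TestO reason: [LDAP: error code 49 - NDS error: "
    "bad password (-222)])) [1.1.1.1]"
)
# Constructed variant with a different user and NDS code; it must not match.
OTHER_LINE = ARTICLE_LINE.replace("user1", "user2").replace(
    "bad password (-222)", "failed authentication (-669)")

if __name__ == "__main__":
    print(accounts_to_check([ARTICLE_LINE, OTHER_LINE, "unrelated line"]))
```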