Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

User cannot change password more than once a day in SSPR.

This document (7012136) is provided subject to the disclaimer at the end of this document.


NetIQ Self Service Password Reset
SSPR 2.0 HF1a
Active Directory 
Enforce Microsoft AD password complexity set to true


User is not able to change the password more than once in a day in SSPR.

In the "change password" screen, accessed directly from the SSPR main menu, trying to change the password more than once a day loops the user back to the SSPR change password screen without changing the password.  LDAP error 19 (constraint violation) shows in the error log.


While testing, set the "Minimum Password Age" to 0.  Change it back when testing is finished. 


By default, the Active Directory password policy sets "Minimum password age" to one day.  This means that a user must use a password for one day before changing it.

Additional Information

Setting the "Minimum Password Age" to 0 will allow changing the password multiple times in succession.  But be sure to change it to something other than 0 when testing is finished if you want to enable the password history restriction in the AD policy.  Microsoft discourages setting "Minimum Password Age" to 0, pointing out that doing so somewhat negates the value of the password history list.  See


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7012136
  • Creation Date:11-APR-13
  • Modified Date:11-APR-13
    • NetIQSecureLogin

Did this document solve your problem? Provide Feedback