User can't change passwords when LDAP is enabled



With LDAP enabled but not required, with LDAP passwords being imported to Liferay, with LDAP export enabled, it's not possible to change a user's password in Liferay. Users can't change their passwords from My Account; administrators can't change users' passwords from the Control Panel.

This behavior is understandable when LDAP export is enabled. Suppose a user's password was imported from LDAP. If the user changed their password, what would happen? Would the old password be re-imported from LDAP to Liferay, overwriting the new password selected by the user? This doesn't make sense. Would the new password be exported to the LDAP server? This might make sense as an option but currently Liferay never makes a request to the LDAP server to update a user's password.

But if it's really intended that users should not be able to change their passwords, this should be explained either in the Control Panel LDAP UI or at least in the portal.properties file.

With my configuration, no users' passwords can be changed. If I create a new user in Liferay, I can't even select a password for the user.

The following message is displayed upon any request to change any user's password: "That password is invalid. Please enter in a different password."

I'm using an OpenDJ LDAP server and the attached portal-ext.properties file. It seems like I'm reproducing the issue described in LPS-22292 except that no users are able to change their passwords.


