Couldn't Reset AD User Password that Integrated with PrivacyIDEA 3.12

khant_ti_kyi · January 12, 2026, 2:52pm

Hi all,

I faced with an issue that I can’t reset password from privacyIDEA. I setup every single step to implement reset password process like creating AD resolver, realm, policies, SMTP servers and enroll email token. Every step that I configured is successfully work but when I reset password from email link then I got “Failed to reset password”. I provided privacyIDEA logs.

Thanks,

Khant Kyi

“[2026-01-12 15:53:37,103][248444][126630747965120][INFO][privacyidea.lib.user:275] user ‘testuser’ found in resolver ‘AD02’
[2026-01-12 15:53:37,103][248444][126630747965120][INFO][privacyidea.lib.user:277] userid resolved to ‘c5c378a6-3cc8-4c92-88ba-a7afd9ad0b99’
[2026-01-12 15:53:37,287][248444][126630747965120][INFO][privacyidea.lib.user:531] User info for user ‘testuser’@‘adrealm01’ about to be updated.
[2026-01-12 15:53:37,362][248444][126630747965120][ERROR][privacyidea.lib.resolvers.LDAPIdResolver:1380] Error accessing LDAP server: LDAPChangeError(‘no changes in modify request’)
[2026-01-12 15:53:37,363][248444][126630747965120][INFO][privacyidea.lib.user:551] user User(login=‘testuser’, realm=‘adrealm01’, resolver=‘AD02’) failed to update.”

cornelinux · January 13, 2026, 6:48pm

Please see here:

You need an editable user store.
The AD userstore is not completly editable. Setting a password is not supported.
See 5.1. UserIdResolvers — privacyIDEA 0.0+g5ed5f6a33 documentation
In other “editable” user stores like a SQL resolver you see that you can actually map a password, which is not possible with LDAP/AD.
You also can not set a password in the user details in an LDAP resolver, while you can do so in a SQL resolver.

This should give you the clue: