Folks, I think I found the issue. >From the thread: "As an example, a token length of 3 would mean that the following tokens are not allowed in a password for a user with a uid of "nkinder": - nki - kin - ind - nde - der " https://www.ldapadministrator.com/forum/constraint-violation-when-changing-password-t52.html I was testing with a default user and may have accidentally run into this issue. I increased the token to 6 and the error *seemed to* vanish. Doing testing now. _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx