Using the LDAP/AD auth module, the change password on next login, if current password is empty it displays the wrong error message

Bug description

When using the LDAP/AD authentication module with change password on next login enabled, on the change password page when submitting an empty or incorrect password for the current password and a password that meets the password policy for both the new and confirm password fields, the error that is displayed says "New password does not meet the password policy requirements." The error that should be displayed is "The password you have entered is invalid."

How to reproduce the issue

1. step 1 Install a default OpenAM server with an AD as the user store with change password on next login enabled and SSL configured.

1. step 2 Configure the AD authentication module

1. step 3 Login with the user that needs to change their password which will take you to the change password page.

1. step 4 In the current password field, give an incorrect password and in the new password and confirm password fields, provide a password that meets the AD password policy. You will see the incorrect error.

Expected behaviour

Testing with an OpenDJ user store, if the current password is invalid and the new and confirm passwords meet the password policy, the error message that is displayed is correct. "The password you have entered is invalid."

Current behaviour

Testing with an AD user store, if the current password is invalid and the new and confirm passwords meet the password policy, the error that is displayed is "New password does not meet the password policy requirements".

Work around

Code analysis