The Ldap module and LdapDecisionNode make calls to the LdapAuthUtils.changePassword method in a change password flow.
If there are multiple concurrent calls then updates may fail with error as below:
_Corresponding DS log "_cannot be modified due to insufficient access rights" message
Reproduction steps to follow..
Directly modify Password via DS calls.
Same root cause as https://bugster.forgerock.org/jira/browse/OPENAM-13183