The way passwords changes are handled has changed since 11.0.2 in a way that openam 11.0.3 tries to bind as the user himself and then modify his password contrary to 11.0.2 where openam used directory manager to change the user password.
STEPS TO REPRODUCE
1.) Create an user bjensen and get his token
2.) Change the password with PUT and REST
Password was changed
OpenDJ access logs:
ACIs present in the opendj prevent user from changing his own password