While setting up our new Sametime environment I did run into quite an interesting issue. People accessing a Domino Server via web browser got asked to change their password:
"Your Administrator has required a password change before logging in. Please choose a new password"
Entering a new password they received a further message telling them that they are not authorised to submit password change requests:
"You are not authorized to submit password change requests. Contact your Administrator for more information."
As Google didn’t return any useful result to the error messages quoted I thought it might be worth putting out some documentation. The whole issue was caused by two parameters in the standard security settings that usually should exclude each other. While enabling the password synchronization between Notes and Internet I have missed to review the standard settings provided.
The password management options disallowed users to change their internet password over HTTP while the password expiration was set to be enforced on Notes and internet clients. Therefore there are two ways to solve this. To Allow Users to Change Internet Password over HTTP or to Enforce Password Expiration for Notes only. Latter was the preferred option in my caseÃ‚Â as a change of the HTTP password does not incur a change of the Notes (ID) password.