Ok, I captured the operation using wireshark, I have no idea if this is useful or not. I'm attaching two files (wireshark format and plain text, both have same content).
And here is an answer from a developer of openam, I'm copying it since maybe it helps.
This error message is now coming
out of LDAP authentication module, and not from the UMUserChangePassword
The LDAP authentication module grabs the existing password and creates a
remove userpassword: currentvalue
add userpassword: newvvalue
Looks like this is not really handled by Apache DS for some reason,
which is quite strange. The other way is to simply run one operation of:
replace userpassword: newvalue
but this could be only done by a privileged user (who can reset
passwords for arbitrary users).