Ok, I captured the operation using wireshark, I have no idea if this is useful or not. I'm attaching two files (wireshark format and plain text, both have same content).

And here is an answer from a developer of openam, I'm copying it since maybe it helps.

-----------
 This error message is now coming
out of LDAP authentication module, and not from the UMUserChangePassword
page..
The LDAP authentication module grabs the existing password and creates a
MODIFY request:
remove userpassword: currentvalue
add userpassword: newvvalue
Looks like this is not really handled by Apache DS for some reason,
which is quite strange. The other way is to simply run one operation of:
replace userpassword: newvalue
but this could be only done by a privileged user (who can reset
passwords for arbitrary users).


On Fri, Feb 1, 2013 at 3:51 PM, Emmanuel Lécharny <elecharny@gmail.com> wrote:
There is somethong *extremelly* weird...

The userPassword value you are trying to modify is :

e1NTSEF9NGx1QXphMkw...tM2F3SHFZN0E9PQ==

which once decoded gives :

{SSHA}4luAza2L+0Xyut...VVm3awHqY7A==

and now, the password value is a base64 value, which makes no sense...

Something in OpenAM should encode the real SSHA salted password in
base64, then add {SSHA) into the value, and try to remove this value
from the server.

I would expect the real value to be :

{SSHA}â[€Í­‹ûE...VmÚÀz˜ì

instead...

Is it possible that you capture the PDU being exchanged between OpenAM
and ApacheDS using wireshark ?


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com