I got a request today to display an error message if the password change for an AD account failed.
I thought this would be the default, but somehow there is no info/message shown; just the two text fields for the new password and the verification are cleared.
In the APM log, a message shows up: "AD module: change password for 'asdf' failed: Password change rejected(4), result_string: (4)"
How can I display info like "Sorry, your password couldn't be changed because it is too short/weak, please use at least 512 characters, a prime number and the blood from a virgin goat"?
I do not know where you can find virgin goats, as I think there are none left, and I have not tested the solution for your issue, but I have seen the article https://support.f5.com/csp/article/K16806
See here the available session variables for the AD/LDAP:
Maybe you can use session.ad.last.errmsg and after that trigger the message box agent with your message for the user, by first creating a branch that checks the session variable. It is worth trying.