Does anyone know the specific limitations on the allowed characters for passwords in 389-ds? I use the windows passsync agent on my domain controllers and occasionally come across this problem. I am thinking there might be a unicode problem, but I am having a hard time nailing it down, or finding documentation on it for that matter.

Example event from 389-ds:

[24/Apr/2017:07:39:15 +0000] conn=268899 op=2 MOD dn="uid=xxx,ou=yyy,dc=a,dc=b,dc=c", invalid password syntax

Thanks,

-Lucas