Login to Identity Manager as a regular user .
Under the "Profile" tab, go to the "Change password" page.
You should see that SunAccessManagerRealm requires the old password.
Enter the user's the old password, the new password, and confirmation of the new password,
The user's password should be set in the Directory Server user data store as a "self-change” instead of am "admin-change.” This is especially important if the pwdMustChange or passwordMustChange attributes had been earlier set on the user's profile on the Directory Server. If the self-change configuration is not implemented, when the user logs back into OpenSSO Enterprise, the user will be asked to change his password again