When we are dealing with a password modification, we call the getPwdModDetails methods, which try to find if a Modification is impacting the password attribute. This attribute is configured in the PasswordPolicyConfiguration class (which is either read from the config, or default to userPassword).
So far, so good, except that the password attribute is stored as a String in the PasswordPolicyConfiguration instance, which leads to code like :
if ( at.getUpId().equalsIgnoreCase( policyConfig.getPwdAttribute() ) )
This is broken. If the Mods contain the OID of the password attribute instead of its name, it's not going to work. If the configured password attribute has many names, it won't work either.
We must store the AttributeType and not the String of the password attribute, and compare it with the AttributeType we have in the Modification.