I already chaged password,
when I use "NEW password" successful login, system still require to change password again !!
(LDAP and OS password already changed, both correct)

sigon and change password.

ssh xxxxx@0.0.0.0
xxxxx@0.0.0.0 password:
You are required to change your password immediately (root enforced)
Last login: Tue Nov 28 16:15:30 2017 from
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user xxxxx
(current) UNIX Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

logon again still reqquire to change password

Use root to check account status

chage -l xxxxxx
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed

LDAP system-auth pam config

/etc/pam.d/system-auth
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so