Forgot Password from LDAP provide by RODC

An user could change the password LDAP provide by a RODC (Read Only Domain Controller) using the keycloak feature: “forgot your password?” ?

I tested and did not work.
At keycloak log I can see the this:

keycloak | 2024-09-16 19:03:51,865 WARN [org.keycloak.events] (executor-thread-5) type=“UPDATE_PASSWORD_ERROR”, realmId=“my-hml”, clientId=“intranet-homolog”, userId=“01740ba5-d3e3-43c0-99f3-c0fc244523e5”, ipAddress=“200.200.20.20”, error=“password_rejected”, reason=“Could not modify attribute for DN [CN=fulano.beltrano,OU=Diretory,OU=Comuns,OU=Users,OU=XPTOInformatica,DC=xpto,DC=interno]”, auth_method=“openid-connect”, custom_required_action=“UPDATE_PASSWORD”, response_type=“code”, redirect_uri=“https://identity.xpto-test.com/realms/my-hml/account/”, remember_me=“false”, code_id=“3b156988-27a5-44d3-a58a-3ab8be99da2f”, response_mode=“query”, username=“fulano.beltrano”

Keycloak version: 24.0.5

Someone already implemeted this cenario ?