We have found that the set guiuser command fails with the error "incorrect password" when the system is configured to use SecureLDAP (LDAPS). If SecureLDAP is disabled users are able to authenticate at the CLI using the "set guiuser" command.
We have also found this limitation extends to the use of LDAPS authentication to the API.
Absent this capability we are limited to the use of the CLI account to prevent passing password data in the clear. This makes attributing activity to a specific administrator difficult.
Do not place IBM confidential, company confidential, or personal information into any field.