Hi Brian,
"I can assure that ad_apply is not the source of the problem". So can I!
Finally, I've started from scratch and found the problem. MainSite parameter "RegistrationProvidesRandomPasswordP" was enabled. Because of it, the system generates a random password, even if we explicitly had passed the password and confirm_password fields, as API methods arguments/switches.
Testing things out a while ago, I should have enabled and I forgot to disable it later on.
The good thing...?! It was a good case as lesson learned to get knowing the whole registration and login adn their ad_procs workflow through pkgs: from acs-subsite, acs-authentication, acs-service-contract, acs-tcl ...
Best wishes,