Self Service Password Reset 22.214.171.124
LDAP server being used on back-end of SSPR is a eDirectory 9.1.0 or 8.8.8.x server
After upgrading from the SSPR 4.3.x appliance to SSPR 126.96.36.199, the following message is received when attempting to change the password on a user.
Fixed in SSPR 188.8.131.52.
Workaround #1. In the eDirectory password policy assigned to the user. Check the option "Allow non-alphabetic characters in the password"
Workaround #2. for cases where the above resolution is not a viable option:
1. Set the password policy source to âlocalâ instead of "merge." This is done in SSPR Configuration Editor, Settings â¨ Password Settings, Password Policy Source.
Changing this setting to âlocalâ will change the way SSPR displays the password policy settings to users, but will not change the way eDirectory enforces password settings. eDirecory will not allow a password it doesnât like regardless of this setting.
2. Then, so that users see the complete requirements, manually enter the desired password requirements in Password Rule Text under Policies â¨ Password Policies â¨ default .
The eDirectory password policy, or the SSPR password policy has a numeric requirement of one value in it. Requiring one numeric value in the password. As soon as you put in that one numeric value, SSPR throws a "New password has too many non-letter characters" message and will not allow you to save the password.
SSPR 4.4 changed the way that SSPR interprets the eDirectory setting "Allow non-alphabetic characters in the password." The enforcement of "Allow non-alphabetic characters in the password" with SSPR 4.4 is currently being investigated.
Another option is to patch/upgrade to NetIQ Self Service Password Reset 4.4 Patch Update 4 (version 184.108.40.206) as the issue has also been addressed in this version, as referenced in the 'Release Notes':