Self Service Password Reset 188.8.131.52
LDAP server being used on back-end of SSPR is a eDirectory 9.1.0 or 8.8.8.x server
After upgrading from the SSPR 4.3.x appliance to SSPR 184.108.40.206, the following message is received when attempting to change the password on a user.
Fixed in SSPR 220.127.116.11.
Workaround #1. In the eDirectory password policy assigned to the user. Check the option "Allow non-alphabetic characters in the password"
Workaround #2. for cases where the above resolution is not a viable option:
1. Set the password policy source to âlocalâ instead of "merge." This is done in SSPR Configuration Editor, Settings â¨ Password Settings, Password Policy Source.
Changing this setting to âlocalâ will change the way SSPR displays the password policy settings to users, but will not change the way eDirectory enforces password settings. eDirecory will not allow a password it doesnât like regardless of this setting.
2. Then, so that users see the complete requirements, manually enter the desired password requirements in Password Rule Text under Policies â¨ Password Policies â¨ default .
The eDirectory password policy, or the SSPR password policy has a numeric requirement of one value in it. Requiring one numeric value in the password. As soon as you put in that one numeric value, SSPR throws a "New password has too many non-letter characters" message and will not allow you to save the password.
SSPR 4.4 changed the way that SSPR interprets the eDirectory setting "Allow non-alphabetic characters in the password." The enforcement of "Allow non-alphabetic characters in the password" with SSPR 4.4 is currently being investigated.
Another option is to patch/upgrade to NetIQ Self Service Password Reset 4.4 Patch Update 4 (version 18.104.22.168) as the issue has also been addressed in this version, as referenced in the 'Release Notes':