Cannot change password in SSPR: New password has too many non-letter characters

After upgrading from the SSPR 4.3.x appliance to SSPR 4.4.0.0, the following message is received when attempting to change the password on a user.

Fixed in SSPR 4.4.0.4.

Workaround  #1.  In the eDirectory password policy assigned to the user.  Check the option "Allow non-alphabetic characters in the password"

Workaround  #2.  for cases where the above resolution is not a viable option:

1.  Set the password policy source to “local” instead of "merge."  This is done in SSPR Configuration Editor, Settings ⇨ Password Settings, Password Policy Source.   

Changing this setting to “local” will  change the way SSPR displays the password policy settings to users, but will not change the way eDirectory enforces password settings.   eDirecory will not allow a password it doesn’t like regardless of this setting.   

2. Then, so that users see the complete requirements, manually enter the desired password requirements in Password Rule Text under Policies ⇨ Password Policies ⇨ default  .

 

The eDirectory password policy, or the SSPR password policy has a numeric requirement of one value in it.   Requiring one numeric value in the password.   As soon as you put in that one numeric value, SSPR throws a "New password has too many non-letter characters" message and will not allow you to save the password.

SSPR 4.4 changed the way that SSPR interprets the eDirectory setting  "Allow non-alphabetic characters in the password."  The enforcement of "Allow non-alphabetic characters in the password" with SSPR 4.4 is currently being investigated.

Another option is to patch/upgrade to NetIQ Self Service Password Reset 4.4 Patch Update 4 (version 4.4.0.4) as the issue has also been addressed in this version, as referenced in the 'Release Notes':

https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p4/data/release-notes-sspr-44-p4.html#t49mornrh1bg