Cannot change password in SSPR: New password has too many non-letter characters

  • 7023730
  • 19-Feb-2019
  • 03-Oct-2019

Environment

Self Service Password Reset 4.4.0.0
LDAP server being used on back-end of SSPR is a eDirectory 9.1.0 or 8.8.8.x server

Situation

After upgrading from the SSPR 4.3.x appliance to SSPR 4.4.0.0, the following message is received when attempting to change the password on a user.

New password has too many non-letter characters


Resolution

In the eDirectory password policy assigned to the user.  Check the option "Allow non-alphabetic characters in the password"


Workaround for cases where the above resolution is not a viable option:

1.  Set the password policy source to “local” instead of "merge."  This is done in SSPR Configuration Editor, Settings ⇨ Password Settings, Password Policy Source.   

Changing this setting to “local” will  change the way SSPR displays the password policy settings to users, but will not change the way eDirectory enforces password settings.   eDirecory will not allow a password it doesn’t like regardless of this setting.   

2. Then, so that users see the complete requirements, manually enter the desired password requirements in Password Rule Text under Policies ⇨ Password Policies ⇨ default  .
 


Cause

The eDirectory password policy, or the SSPR password policy has a numeric requirement of one value in it.   Requiring one numeric value in the password.   As soon as you put in that one numeric value, SSPR throws a "New password has too many non-letter characters" message and will not allow you to save the password.

SSPR 4.4 changed the way that SSPR interprets the eDirectory setting  "Allow non-alphabetic characters in the password."  The enforcement of "Allow non-alphabetic characters in the password" with SSPR 4.4 is currently being investigated.

Status

Reported to Engineering