Environment
NetIQ Self Service Password Reset 4.x
Using eDirectory as the LDAP Source for SSPR
Using eDirectory as the LDAP Source for SSPR
Situation
When attempting to set a password in SSPR on a user object with a password that complies with the password policy. It says "New password accepted, please click change password" but then when you click change password it errors with. "New password does not meet requirements. Please try using a different password."
A NMAS -1697 error is found in the SSPR LDAP trace.
A NMAS -1697 error is found in the SSPR LDAP trace.
Resolution
User object in eDirectory MUST be assigned to a password policy in
eDirectory. If not, SSPR cannot set the password on the user.
Assigning a password policy to the user object, corrected the issue.
Password policies are searched for in the following order in eDirectory.
1. User object
2. User object's container
3. User object's partition root
4. Login Policy object (under the security container)
If no password policy is assigned to any of those objects, then the user does not have an eDirectory password policy assigned.
Assigning a password policy to the user object, corrected the issue.
Password policies are searched for in the following order in eDirectory.
1. User object
2. User object's container
3. User object's partition root
4. Login Policy object (under the security container)
If no password policy is assigned to any of those objects, then the user does not have an eDirectory password policy assigned.
Cause
View Password Policy Assignment, on the user object showed that no password policy was assigned to the user object in eDirectory.