Hi,
I'm trying to set up User self registration in AD through SSPR, but I don't understand how to properly setup the password complexity.
I've tried both with prompting the user with a password as well as letting SSPR generating one on its own. Setting the password myself, I can successfully register as long as the password is complex enough. But I can also make it fail by setting a password that is strong enough for SSPR, but not for AD. When letting SSPR generate a random password, it sometimes succeeds and sometimes fails.
Shouldn't the password check in the form make sure that the password adheres to AD:s policies? And shouldn't the random passwords generated by SSPR be strong enough?
We're already using SSPR for letting users reset their passwords and that works fine. The password I've tested with is rejected by that form.
The only setting I can find regarding passwords is the "Password Policy Template" which is set to the same user as I used when testing the forgotten password feature. So that user should have the correct password policy.
The error I'm getting is:
ERROR, newuser.NewUserServlet, {3468} error during user creation: 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting user password for new user entry: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190FD6, #1: [83.253.137.90] 0: 0000052D: DSID-03190FD6, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
Best regards,
Philip