SSPR not enforcing AD Complexity in regards to name values

SSPR v4.5.0.4 b85 r69f7e436 is the version we are on and it does not enforce the AD Complexity of "Not contain the user's account name or parts of the user's full name that exceed two consecutive characters".

For a person with a first name of John, SSPR would reject a password of JohnWilly!23 but would not reject JoWil!23. Then, when the SSPR-accepted password syncs to AD, it gets rejected because it hits that violation of two consecutive characters from the name.

DirXML Log Event -------------------
Driver: AD
Channel: Subscriber
Object: User
Status: Error
Message: <message>Password set failed.</message>
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="1325"/>
</ldap-err>