Disallow Current Password to be used again

After migration of eDirectory, while testing I am not able to prevent users from repeating the current password as the new password.

Earlier, when users tried to use the same password, they faced the error "New password has been configured previously".

But now I am not getting this, and users are able to repeat their previous password.

My SSPR is present on Linux and I used apache-tomcat-7.0.29:

1. Is there any way I can check the issue and apply the same setting which was used previously?
2. Also, can this issue be related to my having migrated eDirectory from one Windows server to another?
  • muditgupta13 wrote:

    > After migration of eDirectory, while testing I am not able to prevent
    > users from repeating the current password as the new password.
    >
    > Earlier, when users tried to use the same password, they faced the error "New
    > password has been configured previously".
    >
    > But now I am not getting this, and users are able to repeat their previous
    > password.
    >
    > My SSPR is present on Linux and I used apache-tomcat-7.0.29:

    Is SSPR configured to apply NMAS password rules or do you use the built-in
    rules? If NMAS: did you verify the affected account has UP policy assigned
    where password history is enabled?

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • Thanks lhaeger for the quick response,

    We use the built-in rules, as Forgotten Password was not enabled in LDAP, thus the SSPR rules take over (as per the documents).

    Here's a weird thing: after migration I can see SSPR errors such as:

    New password is too obvious (4029)
    New password is the same as the current password (4028)

    I am only facing an issue with the error:
    New password has been used previously (4004)

    The exact issue is: when we click on Forgot Password >> we are taken to the security question page >> from there, when we try to enter a new password (which has been used earlier), instead of getting error code 4004, the same JSP page comes up again.

    I hope this log file can clarify something:

    2018-01-09 04:20:24, WARN , pwm.PasswordUtility, {4,rb8029} 4004 PASSWORD_PREVIOUSLYUSED (error setting password for user 'cn=rb8029,OU=USERS,O=xxx'' [LDAP: error code 19 - NDS error: duplicate password or Q in service (-215)]) [xxx.xx.xx.xx]

    The above error is somehow not visible in our application page.

    While for the same user, we can see:

    2018-01-09 03:54:18, DEBUG, servlet.ChangePasswordServlet, {4,rb8029} failed password validation check: 4028 PASSWORD_SAMEASOLD [xxx.xx.x.x]

    This one is visible in our application page.

    Please suggest a root cause for this issue.
    - Thanks
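The two log lines in the post above show the distinction a defender would look for: the 4028 rejection comes from SSPR's own validation check (`servlet.ChangePasswordServlet`), while the 4004 rejection is the directory's answer when the password is actually set (`pwm.PasswordUtility`, LDAP result code 19, which is constraintViolation, with NDS error -215). The following Python is an added example, not code from the thread or from SSPR: it parses log lines in the format shown above (the format is inferred from those two lines; the additional sample lines and the error name in the 4029 line are constructed) and separates directory-side rejections from SSPR-rule rejections, which is one way to monitor for reuse attempts that the application page did not report to the user.

```python
"""Triage SSPR password-change errors from log lines (added example).

The line format is inferred from the two lines quoted in the thread above.
The first two SAMPLE_LINES are those two lines; the rest are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed shape: "<timestamp>, <LEVEL>, <component>, {<session>,<user>} <message> [<source>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s*"
    r"(?P<level>[A-Z]+)\s*,\s*"
    r"(?P<component>[\w.]+),\s*"
    r"\{(?P<session>[^,}]*),(?P<user>[^}]*)\}\s*"
    r"(?P<message>.*)\s\[(?P<source>[^\]]*)\]$"
)
# SSPR error token as it appears in the message, e.g. "4004 PASSWORD_PREVIOUSLYUSED"
ERROR_RE = re.compile(r"\b(?P<code>\d{4}) (?P<name>PASSWORD_[A-Z_]+)")
# Directory result embedded in the message, e.g.
# "[LDAP: error code 19 - NDS error: duplicate password or Q in service (-215)]"
LDAP_RE = re.compile(r"LDAP: error code (?P<ldap>\d+)(?:.*?\((?P<nds>-?\d+)\))?")


@dataclass
class PasswordEvent:
    timestamp: str
    level: str
    component: str
    user: str
    code: Optional[int]       # SSPR error code (4004, 4028, ...) or None
    name: Optional[str]       # SSPR error name or None
    ldap_code: Optional[int]  # LDAP result code returned by the directory, if any
    nds_code: Optional[int]   # eDirectory (NDS) error code, if any
    origin: str               # "directory", "sspr-rule", "unknown" or "none"


def parse_line(line: str) -> Optional[PasswordEvent]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("message")
    err = ERROR_RE.search(msg)
    ldap = LDAP_RE.search(msg)
    if err is None:
        origin = "none"                 # not a password-rule error at all
    elif ldap is not None:
        origin = "directory"            # rejected by eDirectory when the password was set
    elif "failed password validation check" in msg:
        origin = "sspr-rule"            # rejected by SSPR's own rule check before any LDAP write
    else:
        origin = "unknown"
    return PasswordEvent(
        timestamp=m.group("ts"),
        level=m.group("level"),
        component=m.group("component"),
        user=m.group("user"),
        code=int(err.group("code")) if err else None,
        name=err.group("name") if err else None,
        ldap_code=int(ldap.group("ldap")) if ldap else None,
        nds_code=int(ldap.group("nds")) if ldap and ldap.group("nds") else None,
        origin=origin,
    )


def directory_only_rejections(lines) -> List[PasswordEvent]:
    """Events where the directory, not SSPR's pre-validation, rejected the password.

    These are the cases from the thread in which the user saw no error message,
    so they are the ones worth alerting on when checking the password-history rule.
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    return [e for e in events if e.origin == "directory"]


SAMPLE_LINES = [
    # The two lines quoted in the thread.
    "2018-01-09 04:20:24, WARN , pwm.PasswordUtility, {4,rb8029} 4004 PASSWORD_PREVIOUSLYUSED "
    "(error setting password for user 'cn=rb8029,OU=USERS,O=xxx'' [LDAP: error code 19 - "
    "NDS error: duplicate password or Q in service (-215)]) [xxx.xx.xx.xx]",
    "2018-01-09 03:54:18, DEBUG, servlet.ChangePasswordServlet, {4,rb8029} "
    "failed password validation check: 4028 PASSWORD_SAMEASOLD [xxx.xx.x.x]",
    # Constructed lines; the error name in the 4029 line is an assumed placeholder.
    "2018-01-09 04:15:40, DEBUG, servlet.ChangePasswordServlet, {5,rb8029} "
    "failed password validation check: 4029 PASSWORD_TOO_OBVIOUS_PLACEHOLDER [xxx.xx.xx.xx]",
    "2018-01-09 04:21:02, INFO , servlet.ChangePasswordServlet, {4,rb8029} "
    "password change completed [xxx.xx.xx.xx]",
]

if __name__ == "__main__":
    for ev in directory_only_rejections(SAMPLE_LINES):
        print(f"{ev.timestamp} user={ev.user} sspr={ev.code} {ev.name} "
              f"ldap={ev.ldap_code} nds={ev.nds_code}")
```

Run against a real SSPR log, the script lists every password change that the directory refused for history reasons; if such entries appear for users who reported that the page simply reloaded, the password-history rule is in fact still enforced by eDirectory and the problem is on the SSPR side, in how that LDAP result is surfaced in the Forgotten Password flow.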