Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
adamdn01 Absent Member.
Absent Member.
238 views

Special characters in passwords--issue with AD


We were getting a rash of reports that user passwords were randomly not
working right after change. After some investigation, I tracked this
down to the use of certain special characters: )('<>. Our password
policy in AD supposedly allows these, as does eDirectory. So, after
enabling traces to show the password in transit, I discovered that the
IDM was converting them to their character codes which either AD or the
AD shim apparently was interpreting as literal.

I don't know if this is a bug or what--I am still running an older
driver version (3.5.10)--but I just wanted to let the community know. I
created a work around rule on my AD command transform policy that fixes
this via regex. I don't know is the proper way to fix, but it seems to
do the trick:


<rule notrace="true">
<description>Fix Special Characters</description>
<comment xml:space="preserve">AD does not recognize special character
codes in a password, so we must manually convert them here.</comment>
<conditions>
<and>
<if-op-attr name="nspmDistributionPassword" op="available"/>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="nspmDistributionPassword" notrace="true">
<arg-value type="string">
<token-replace-all regex="& #41;" replace-with=")">
<token-replace-all regex="& #40;" replace-with="(">
<token-replace-all regex="& #39;" replace-with="'">
<token-replace-all regex="& lt;" replace-with="<">
<token-replace-all regex="& gt;" replace-with=">">
<token-op-attr name="nspmDistributionPassword"/>
</token-replace-all>
</token-replace-all>
</token-replace-all>
</token-replace-all>
</token-replace-all>
</arg-value>
</do-reformat-op-attr>
</actions>
</rule>




Regards,
Adam


--
adamdn01
------------------------------------------------------------------------
adamdn01's Profile: http://forums.novell.com/member.php?userid=126372
View this thread: http://forums.novell.com/showthread.php?t=454846

Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Special characters in passwords--issue with AD

adamdn01,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.