muditgupta13 Absent Member.

Disallow Current Password to be used again

After migration of eDirectory, while testing, I am not able to prevent users from repeating the current password as the new password.

Earlier, when a user tried to use the same password, they faced the error "New password has been configured previously".

But now I am not getting this, and users are able to repeat their previous password.

My SSPR is present on Linux and I used apache-tomcat-7.0.29.

1. Is there any way I can check the issue and apply the same setting which was used previously?
2. Also, can this issue be related to the fact that I have migrated eDirectory from one Windows server to another?
Knowledge Partner

Re: Disallow Current Password to be used again

muditgupta13 wrote:

> After migration of eDirectory, while testing, I am not able to prevent
> users from repeating the current password as the new password.
>
> Earlier, when a user tried to use the same password, they faced the error "New
> password has been configured previously".
>
> But now I am not getting this, and users are able to repeat their previous
> password.
>
> My SSPR is present on Linux and I used apache-tomcat-7.0.29.


Is SSPR configured to apply NMAS password rules or do you use the built-in
rules? If NMAS: did you verify the affected account has UP policy assigned
where password history is enabled?

--
http://www.is4it.de/en/solution/identity-access-management/

muditgupta13 Absent Member.

Re: Disallow Current Password to be used again

Thanks, lhaeger, for the quick response.

We have used the built-in rules, as Forget password was not enabled in LDAP, thus SSPR rules will take over (as per the documents).

Here's a weird thing: after migration I can see SSPR errors such as:

New password is too obvious (4029)
New password is the same as the current password (4028)

I am only facing an issue with this error:
New password has been used previously (4004)

The exact issue is: when we click on Forget password, we are taken to the security question page. From there, when we try to enter the new password (which has been used earlier), instead of getting error code 4004, the same JSP page comes up again.

Hope this log file can clarify something:

2018-01-09 04:20:24, WARN , pwm.PasswordUtility, {4,rb8029} 4004 PASSWORD_PREVIOUSLYUSED (error setting password for user 'cn=rb8029,OU=USERS,O=xxx'' [LDAP: error code 19 - NDS error: duplicate password or Q in service (-215)]) [xxx.xx.xx.xx]

The above error is somehow not visible on our application page.

While for the same user, we can see:

2018-01-09 03:54:18, DEBUG, servlet.ChangePasswordServlet, {4,rb8029} failed password validation check: 4028 PASSWORD_SAMEASOLD [xxx.xx.x.x]

Which is visible in our application page.

Please suggest any root cause for this issue.
- Thanks
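Added example (not part of the thread, and not SSPR's own code): a small Python triage script that parses the two log lines quoted in the last post and separates rejections raised by SSPR's validation check from those returned by the directory on the password write, recognizable by the LDAP and NDS error codes in the message. The regular expressions assume the log layout shown in those two lines, and the function names are hypothetical.

```python
import re

# Assumed layout, taken from the two SSPR log lines quoted in the post:
# timestamp, level, component, {session,user} message [client address]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\w+)\s*,\s*"
    r"(?P<component>[\w.]+),\s*\{(?P<session>[^,}]*),(?P<user>[^}]*)\}\s*(?P<msg>.*)$"
)
SSPR_ERR_RE = re.compile(r"\b(?P<code>\d{4}) (?P<name>PASSWORD_[A-Z_]+)")
LDAP_ERR_RE = re.compile(r"LDAP: error code (?P<ldap>\d+)")
NDS_ERR_RE = re.compile(r"\((?P<nds>-\d+)\)")

def classify(line):
    """Return a dict describing one password rejection, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    err = SSPR_ERR_RE.search(m["msg"])
    if not err:
        return None
    ldap = LDAP_ERR_RE.search(m["msg"])
    nds = NDS_ERR_RE.search(m["msg"])
    return {
        "ts": m["ts"], "user": m["user"].strip(),
        "component": m["component"],
        "code": int(err["code"]), "name": err["name"],
        # An LDAP error in the message means the directory refused the write;
        # without one, the rejection came from SSPR's own validation check.
        "stage": "directory" if ldap else "sspr-validation",
        "ldap_code": int(ldap["ldap"]) if ldap else None,
        "nds_code": int(nds["nds"]) if nds else None,
    }

def directory_rejections(lines):
    """Events refused by the directory rather than by SSPR's pre-check."""
    events = (classify(l) for l in lines)
    return [e for e in events if e and e["stage"] == "directory"]

# Sample input: the two log lines from the post, as redacted there.
SAMPLE = [
    "2018-01-09 04:20:24, WARN , pwm.PasswordUtility, {4,rb8029} 4004 PASSWORD_PREVIOUSLYUSED (error setting password for user 'cn=rb8029,OU=USERS,O=xxx'' [LDAP: error code 19 - NDS error: duplicate password or Q in service (-215)]) [xxx.xx.xx.xx]",
    "2018-01-09 03:54:18, DEBUG, servlet.ChangePasswordServlet, {4,rb8029} failed password validation check: 4028 PASSWORD_SAMEASOLD [xxx.xx.x.x]",
]

if __name__ == "__main__":
    for e in map(classify, SAMPLE):
        print(e["ts"], e["user"], e["code"], e["name"], e["stage"], e["nds_code"])
```

Run over a full SSPR log, `directory_rejections` lists the password changes that the directory itself refused, which are the ones to compare against what the user saw on the page.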