New password does not meet rule requirements


drosa...@gmail.com

Jul 12, 2018, 3:48:19 PM
to pwm-general
I cannot figure out why users are unable to change passwords. I have changed the settings in Active Directory to Minimum Password to 0 so they can change their password whenever.

Under Password Policy Source I changed it to Local

Under Password Policies default

I have LDAP profile as "all". I have Active Directory Password Complexity set to None.

This is installed on Server 2012 R2.

Can someone help me out?

Error is below


New password does not meet rule requirements { 4006 PASSWORD_BADPASSWORD (error setting password for user 'CN=Al Blake,OU=Sales,OU=Users OU Pompano,DC=MyDomainXXX,DC=com (default)'' com.novell.ldapchai.exception.ChaiPasswordPolicyException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191083, #1:
0: 0000052D: DSID-03191083, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
]) }
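
Added example, not part of any post in this thread and not PWM code: a small Python decoder for the Active Directory error string quoted above, splitting it into the LDAP result code, the Win32 error code and the attribute concerned. The function name `decode_ad_error` and the field names are assumptions made for this example; the code tables list only a few standard values.

```python
import re

# Constructed sample: the directory error text as quoted in the first post.
SAMPLE = (
    "javax.naming.directory.InvalidAttributeValueException: "
    "[LDAP: error code 19 - 0000052D: AtrErr: DSID-03191083, #1:\n"
    "0: 0000052D: DSID-03191083, problem 1005 (CONSTRAINT_ATT_TYPE), "
    "data 0, Att 9005a (unicodePwd)\n]"
)

# Standard LDAP result codes (RFC 4511) and Win32 error codes; only a few are listed.
LDAP_RESULTS = {19: "constraintViolation", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}
WIN32_ERRORS = {0x5: "ERROR_ACCESS_DENIED", 0x56: "ERROR_INVALID_PASSWORD",
                0x52D: "ERROR_PASSWORD_RESTRICTION"}

HEADER = re.compile(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): (\w+): (DSID-[0-9A-Fa-f]+)")
DETAIL = re.compile(r"problem (\d+) \((\w+)\), data (-?\w+), Att ([0-9A-Fa-f]+) \((\w+)\)")


def decode_ad_error(text):
    """Split an AD LDAP error string into named fields; None if it is not one."""
    head = HEADER.search(text)
    if head is None:
        return None
    ldap_code, win32 = int(head.group(1)), int(head.group(2), 16)
    fields = {
        "ldap_code": ldap_code,
        "ldap_name": LDAP_RESULTS.get(ldap_code, "unknown"),
        "win32_code": win32,
        "win32_name": WIN32_ERRORS.get(win32, "unknown"),
        "dsid": head.group(4),
        "attribute": None,
        "problem": None,
    }
    detail = DETAIL.search(text)
    if detail:  # the per-attribute line is absent from some error kinds
        fields["problem"] = detail.group(2)
        fields["attribute"] = detail.group(5)
    # Constraint violation + 0x52D on unicodePwd: the domain controller itself
    # refused the new value under the directory's password rules.
    fields["rejected_by_domain_policy"] = (
        ldap_code == 19 and win32 == 0x52D and fields["attribute"] == "unicodePwd")
    return fields


if __name__ == "__main__":
    for key, value in decode_ad_error(SAMPLE).items():
        print(f"{key}: {value}")
```

Win32 error 0x52D (1325) is `ERROR_PASSWORD_RESTRICTION`, which Windows describes as the new password not meeting the length, complexity, or history requirements of the domain.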

mas...@gmail.com

Jul 13, 2018, 12:21:15 AM
to pwm-general
I resolved this by doing:

1. Changed configIsEditable=false to configIsEditable=true in the file PwmConfiguration.xml
2. Restarted Apache Tomcat
3. Added all the Domain Controllers, imported their certificates.

drosa...@gmail.com

Jul 13, 2018, 10:47:25 AM
to pwm-general
Only have One DC at this site.

meng...@rafflesia.edu.my

Jul 24, 2018, 10:41:56 PM
to pwm-general

I followed all of this but still have the same issue.

meng...@rafflesia.edu.my

Jul 24, 2018, 11:37:08 PM
to pwm-general
I happened to make all the errors go away.

But still, it said "New password does not meet rule requirements".

This is the only error.

My policy is only min 7 character/num.

Nothing more.

Andrea Favero

Jul 25, 2018, 12:39:36 AM
to pwm-g...@googlegroups.com
Hi, does your AD/LDAP server have any minimum day policy embedded for recently changed passwords? I had the same problem trying to change again a password that was already recently set.


meng...@rafflesia.edu.my

Jul 25, 2018, 2:35:06 AM
to pwm-general
It is not related to the day policy, as I set the minimum age to 0.

After I switched the password policy source back to the merge mode, I can now change the password without issue.

Wondering how to store not in localdb but in LDAP? I didn't find any documentation about it.

Andrea Favero

Jul 25, 2018, 3:14:28 AM
to pwm-g...@googlegroups.com
Sorry, what parameter are you trying to store over LDAP exactly? Local db should only be used for testing purposes.

meng...@rafflesia.edu.my

Jul 25, 2018, 3:48:54 AM
to pwm-general
Challenge question and answer?
When I choose LDAP, I face error 5045.
