Attribute "AllowNonAlpha" not readable on NetIQ eDirectory with NMAS Responses enabled in versions >2.0 #702

Open
mtsadminhki opened this issue Jul 12, 2023 · 0 comments


We are currently testing version 2.0.6.
When I try to change a password, no password is accepted as meeting the policy.
I checked the NMAS password policy with the user debug tool for the same user, once with PWM version 1.8 and once with PWM >2.0 (same PwmConfiguration.xml). The difference is that in version 1.8 the attribute "AllowNonAlpha" is readable and shown as "true" (as defined in the eDirectory policy), whereas with versions >2.0 the attribute is not found (n/a) for the same user with the same password policy in eDirectory.

User Debug for 1.8
"publicUserInfoBean": {
"userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI",
"ldapProfile": "default",
"userID": "MMusterm",
"userGUID": "cabccec36b8fb14e3382cabccec36b8f",
"userEmailAddress": "[email protected]",
"language": "en",
"passwordExpirationTime": "2023-08-10T12:10:15Z",
"passwordLastModifiedTime": "2023-07-11T12:10:15Z",
"lastLoginTime": "2023-07-12T10:02:47Z",
"requiresNewPassword": false,
"requiresResponseConfig": false,
"requiresUpdateProfile": false,
"requiresOtpConfig": false,
"requiresInteraction": false,
"passwordStatus": {
"expired": false,
"preExpired": false,
"violatesPolicy": false,
"warnPeriod": false
},
"passwordPolicy": {
"MinimumNonAlpha": "0",
"MaximumUpperCase": "0",
"MinimumLowerCase": "0",
"UniqueRequired": "TRUE",
"MaximumLength": "20",
"DisallowedValues": "",
"MinimumLifetime": "0",
"AllowLastCharNumeric": "TRUE",
"AllowNonAlpha": "TRUE",
"ExpirationInterval": "2592000",
"MaximumSequentialRepeat": "4",
"MinimumUpperCase": "1",
"DisallowedAttributes": "FullName\nGivenName\nSurname",
"ChangeMessage": "",
"MaximumNumeric": "0",
"AllowSpecial": "TRUE",
"MinimumNumeric": "2",
"AllowNumeric": "TRUE",
"MaximumSpecial": "0",
"AllowLastCharSpecial": "TRUE",
"MinimumLength": "8",
"AllowFirstCharNumeric": "TRUE",
"PolicyEnabled": "true",
"ADComplexityMaxViolations": "2",
"MinimumUnique": "4",
"CaseSensitive": "TRUE",
"AllowFirstCharSpecial": "TRUE",
"MinimumSpecial": "1",
"MaximumLowerCase": "0",
"MaximumNonAlpha": "0"
},
"passwordRules": [
"Password is case sensitive.",
"Must be at least 8 characters long.",
"Must be no more than 20 characters long.",
"Must include at least 2 numbers.",
"Must have at least 1 symbol (non letter or number) character.",
"Must not repeat any character sequentially more than 4 times.",
"Must have at least 1 uppercase letter.",
"Must have at least 4 unique characters.",
"Must not include part of your name or user name.",
"New password may not have been used previously."
]
},
"passwordReadable": true,
"passwordWithinMinimumLifetime": false,
"permissions": {
"PWMADMIN": "DENIED",
"CHANGE_PASSWORD": "GRANTED",
"ACTIVATE_USER": "DENIED",
"SETUP_RESPONSE": "GRANTED",
"GUEST_REGISTRATION": "DENIED",
"PEOPLE_SEARCH": "GRANTED",
"WEBSERVICE": "DENIED",
"WEBSERVICE_THIRDPARTY": "DENIED"
},
"ldapPasswordPolicy": {
"policyMap": {
"chai.pwrule.changeMessage": "",
"chai.pwrule.upper.min": "1",
"chai.pwrule.numeric.allow": "TRUE",
"chai.pwrule.disallowedValues": "",
"chai.pwrule.length.max": "20",
"chai.pwrule.nonalpha.allow": "TRUE",
"chai.pwrule.nonalpha.max": "0",
"chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname",
"chai.pwrule.uniqueRequired": "TRUE",
"chai.pwrule.ADComplexity2008": "FALSE",
"chai.pwrule.sequentialRepeat.max": "4",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"chai.pwrule.nonalpha.min": "0",
"chai.pwrule.numeric.allowLast": "TRUE",
"chai.pwrule.numeric.allowFirst": "TRUE",
"chai.pwrule.policyEnabled": "true",
"chai.pwrule.special.allow": "TRUE",
"chai.pwrule.expirationInterval": "2592000",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "0",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "4",
"chai.pwrule.special.allowFirst": "TRUE",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "TRUE",
"chai.pwrule.caseSensitive": "TRUE",
"chai.pwrule.lifetime.minimimum": "0"
}
},
"configuredPasswordPolicy": {
"policyMap": {
"password.policy.maximumAlpha": "0",
"chai.pwrule.repeat.max": "4",
"chai.pwrule.upper.min": "0",
"chai.pwrule.numeric.allow": "true",
"chai.pwrule.disallowedValues": "password\ntest",
"password.policy.disallowCurrent": "true",
"password.policy.regExMatch": "",
"chai.pwrule.length.max": "64",
"chai.pwrule.nonalpha.allow": "true",
"chai.pwrule.nonalpha.max": "0",
"password.policy.ADComplexityLevel": "NONE",
"password.policy.minimumStrength": "0",
"chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn",
"password.policy.charGroup.minimumMatch": "0",
"chai.pwrule.sequentialRepeat.max": "4",
"password.policy.minimumAlpha": "0",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"password.policy.allowMacroInRegexSetting": "true",
"chai.pwrule.numeric.allowLast": "true",
"chai.pwrule.nonalpha.min": "0",
"password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]",
"chai.pwrule.numeric.allowFirst": "true",
"chai.pwrule.special.allow": "true",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "4",
"password.policy.checkWordlist": "true",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "0",
"chai.pwrule.special.allowFirst": "true",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "true",
"password.policy.maximumConsecutive": "0",
"password.policy.maximumOldPasswordChars": "1",
"chai.pwrule.lifetime.minimimum": "0",
"password.policy.regExNoMatch": ""
},

User debug for 2.0.6

"publicUserInfoBean": {
"userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI",
"ldapProfile": "default",
"userID": "MMusterm",
"userGUID": "cabccec36b8fb14e3382cabccec36b8f",
"userEmailAddress": "[email protected]",
"language": "en",
"passwordExpirationTime": "2023-08-10T12:10:15Z",
"passwordLastModifiedTime": "2023-07-11T12:10:15Z",
"lastLoginTime": "2023-07-12T10:02:47Z",
"requiresNewPassword": false,
"requiresResponseConfig": false,
"requiresUpdateProfile": false,
"requiresOtpConfig": false,
"requiresInteraction": false,
"passwordStatus": {
"expired": false,
"preExpired": false,
"violatesPolicy": false,
"warnPeriod": false
},
"passwordPolicy": {
"MinimumNonAlpha": "0",
"MaximumUpperCase": "0",
"MinimumLowerCase": "0",
"UniqueRequired": "TRUE",
"MaximumLength": "20",
"DisallowedValues": "",
"MinimumLifetime": "0",
"AllowLastCharNumeric": "TRUE",
"AllowNonAlpha": "TRUE",
"ExpirationInterval": "2592000",
"MaximumSequentialRepeat": "4",
"MinimumUpperCase": "1",
"DisallowedAttributes": "FullName\nGivenName\nSurname",
"ChangeMessage": "",
"MaximumNumeric": "0",
"AllowSpecial": "TRUE",
"MinimumNumeric": "2",
"AllowNumeric": "TRUE",
"MaximumSpecial": "0",
"AllowLastCharSpecial": "TRUE",
"MinimumLength": "8",
"AllowFirstCharNumeric": "TRUE",
"PolicyEnabled": "true",
"ADComplexityMaxViolations": "2",
"MinimumUnique": "4",
"CaseSensitive": "TRUE",
"AllowFirstCharSpecial": "TRUE",
"MinimumSpecial": "1",
"MaximumLowerCase": "0",
"MaximumNonAlpha": "0"
},
"passwordRules": [
"Password is case sensitive.",
"Must be at least 8 characters long.",
"Must be no more than 20 characters long.",
"Must include at least 2 numbers.",
"Must have at least 1 symbol (non letter or number) character.",
"Must not repeat any character sequentially more than 4 times.",
"Must have at least 1 uppercase letter.",
"Must have at least 4 unique characters.",
"Must not include part of your name or user name.",
"New password may not have been used previously."
]
},
"passwordReadable": true,
"passwordWithinMinimumLifetime": false,
"permissions": {
"PWMADMIN": "DENIED",
"CHANGE_PASSWORD": "GRANTED",
"ACTIVATE_USER": "DENIED",
"SETUP_RESPONSE": "GRANTED",
"GUEST_REGISTRATION": "DENIED",
"PEOPLE_SEARCH": "GRANTED",
"WEBSERVICE": "DENIED",
"WEBSERVICE_THIRDPARTY": "DENIED"
},
"ldapPasswordPolicy": {
"policyMap": {
"chai.pwrule.changeMessage": "",
"chai.pwrule.upper.min": "1",
"chai.pwrule.numeric.allow": "TRUE",
"chai.pwrule.disallowedValues": "",
"chai.pwrule.length.max": "20",
"chai.pwrule.nonalpha.allow": "TRUE",
"chai.pwrule.nonalpha.max": "0",
"chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname",
"chai.pwrule.uniqueRequired": "TRUE",
"chai.pwrule.ADComplexity2008": "FALSE",
"chai.pwrule.sequentialRepeat.max": "4",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"chai.pwrule.nonalpha.min": "0",
"chai.pwrule.numeric.allowLast": "TRUE",
"chai.pwrule.numeric.allowFirst": "TRUE",
"chai.pwrule.policyEnabled": "true",
"chai.pwrule.special.allow": "TRUE",
"chai.pwrule.expirationInterval": "2592000",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "0",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "4",
"chai.pwrule.special.allowFirst": "TRUE",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "TRUE",
"chai.pwrule.caseSensitive": "TRUE",
"chai.pwrule.lifetime.minimimum": "0"
}
},
"configuredPasswordPolicy": {
"policyMap": {
"password.policy.maximumAlpha": "0",
"chai.pwrule.repeat.max": "4",
"chai.pwrule.upper.min": "0",
"chai.pwrule.numeric.allow": "true",
"chai.pwrule.disallowedValues": "password\ntest",
"password.policy.disallowCurrent": "true",
"password.policy.regExMatch": "",
"chai.pwrule.length.max": "64",
"chai.pwrule.nonalpha.allow": "true",
"chai.pwrule.nonalpha.max": "0",
"password.policy.ADComplexityLevel": "NONE",
"password.policy.minimumStrength": "0",
"chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn",
"password.policy.charGroup.minimumMatch": "0",
"chai.pwrule.sequentialRepeat.max": "4",
"password.policy.minimumAlpha": "0",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"password.policy.allowMacroInRegexSetting": "true",
"chai.pwrule.numeric.allowLast": "true",
"chai.pwrule.nonalpha.min": "0",
"password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]",
"chai.pwrule.numeric.allowFirst": "true",
"chai.pwrule.special.allow": "true",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "4",
"password.policy.checkWordlist": "true",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "0",
"chai.pwrule.special.allowFirst": "true",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "true",
"password.policy.maximumConsecutive": "0",
"password.policy.maximumOldPasswordChars": "1",
"chai.pwrule.lifetime.minimimum": "0",
"password.policy.regExNoMatch": ""
},
