
Attribute "AllowNonAlpha" not readable on NetIQ eDirectory with NMAS Responses enabled in versions > 2.0

Open mtsadminhki opened this issue 2 years ago • 0 comments

We are testing version 2.0.6. When I try to change a password, no password meets the policy. I checked the NMAS password policy with the user debug tool for the same user, once with PWM version 1.8 and once with PWM > 2.0 (same PwmConfiguration.xml). The difference is that in version 1.8 the attribute "AllowNonAlpha" is readable and shown as "true" (as defined in the eDirectory policy), whereas with the program > 2.0 the attribute is not found (n/a) for the same user with the same password policy in eDirectory.

User Debug for 1.8 "publicUserInfoBean": { "userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI", "ldapProfile": "default", "userID": "MMusterm", "userGUID": "cabccec36b8fb14e3382cabccec36b8f", "userEmailAddress": "[email protected]", "language": "en", "passwordExpirationTime": "2023-08-10T12:10:15Z", "passwordLastModifiedTime": "2023-07-11T12:10:15Z", "lastLoginTime": "2023-07-12T10:02:47Z", "requiresNewPassword": false, "requiresResponseConfig": false, "requiresUpdateProfile": false, "requiresOtpConfig": false, "requiresInteraction": false, "passwordStatus": { "expired": false, "preExpired": false, "violatesPolicy": false, "warnPeriod": false }, "passwordPolicy": { "MinimumNonAlpha": "0", "MaximumUpperCase": "0", "MinimumLowerCase": "0", "UniqueRequired": "TRUE", "MaximumLength": "20", "DisallowedValues": "", "MinimumLifetime": "0", "AllowLastCharNumeric": "TRUE", "AllowNonAlpha": "TRUE", "ExpirationInterval": "2592000", "MaximumSequentialRepeat": "4", "MinimumUpperCase": "1", "DisallowedAttributes": "FullName\nGivenName\nSurname", "ChangeMessage": "", "MaximumNumeric": "0", "AllowSpecial": "TRUE", "MinimumNumeric": "2", "AllowNumeric": "TRUE", "MaximumSpecial": "0", "AllowLastCharSpecial": "TRUE", "MinimumLength": "8", "AllowFirstCharNumeric": "TRUE", "PolicyEnabled": "true", "ADComplexityMaxViolations": "2", "MinimumUnique": "4", "CaseSensitive": "TRUE", "AllowFirstCharSpecial": "TRUE", "MinimumSpecial": "1", "MaximumLowerCase": "0", "MaximumNonAlpha": "0" }, "passwordRules": [ "Password is case sensitive.", "Must be at least 8 characters long.", "Must be no more than 20 characters long.", "Must include at least 2 numbers.", "Must have at least 1 symbol (non letter or number) character.", "Must not repeat any character sequentially more than 4 times.", "Must have at least 1 uppercase letter.", "Must have at least 4 unique characters.", "Must not include part of your name or user name.", "New password may not have been used previously." 
] }, "passwordReadable": true, "passwordWithinMinimumLifetime": false, "permissions": { "PWMADMIN": "DENIED", "CHANGE_PASSWORD": "GRANTED", "ACTIVATE_USER": "DENIED", "SETUP_RESPONSE": "GRANTED", "GUEST_REGISTRATION": "DENIED", "PEOPLE_SEARCH": "GRANTED", "WEBSERVICE": "DENIED", "WEBSERVICE_THIRDPARTY": "DENIED" }, "ldapPasswordPolicy": { "policyMap": { "chai.pwrule.changeMessage": "", "chai.pwrule.upper.min": "1", "chai.pwrule.numeric.allow": "TRUE", "chai.pwrule.disallowedValues": "", "chai.pwrule.length.max": "20", "chai.pwrule.nonalpha.allow": "TRUE", "chai.pwrule.nonalpha.max": "0", "chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname", "chai.pwrule.uniqueRequired": "TRUE", "chai.pwrule.ADComplexity2008": "FALSE", "chai.pwrule.sequentialRepeat.max": "4", "chai.pwrule.lower.min": "0", "chai.pwrule.special.max": "0", "chai.pwrule.nonalpha.min": "0", "chai.pwrule.numeric.allowLast": "TRUE", "chai.pwrule.numeric.allowFirst": "TRUE", "chai.pwrule.policyEnabled": "true", "chai.pwrule.special.allow": "TRUE", "chai.pwrule.expirationInterval": "2592000", "chai.pwrule.special.min": "1", "chai.pwrule.lower.max": "0", "chai.pwrule.numeric.max": "0", "chai.pwrule.ADComplexityMaxViolation": "2", "chai.pwrule.upper.max": "0", "chai.pwrule.numeric.min": "2", "chai.pwrule.unique.min": "4", "chai.pwrule.special.allowFirst": "TRUE", "chai.pwrule.length.min": "8", "chai.pwrule.special.allowLast": "TRUE", "chai.pwrule.caseSensitive": "TRUE", "chai.pwrule.lifetime.minimimum": "0" } }, "configuredPasswordPolicy": { "policyMap": { "password.policy.maximumAlpha": "0", "chai.pwrule.repeat.max": "4", "chai.pwrule.upper.min": "0", "chai.pwrule.numeric.allow": "true", "chai.pwrule.disallowedValues": "password\ntest", "password.policy.disallowCurrent": "true", "password.policy.regExMatch": "", "chai.pwrule.length.max": "64", "chai.pwrule.nonalpha.allow": "true", "chai.pwrule.nonalpha.max": "0", "password.policy.ADComplexityLevel": "NONE", "password.policy.minimumStrength": 
"0", "chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn", "password.policy.charGroup.minimumMatch": "0", "chai.pwrule.sequentialRepeat.max": "4", "password.policy.minimumAlpha": "0", "chai.pwrule.lower.min": "0", "chai.pwrule.special.max": "0", "password.policy.allowMacroInRegexSetting": "true", "chai.pwrule.numeric.allowLast": "true", "chai.pwrule.nonalpha.min": "0", "password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]", "chai.pwrule.numeric.allowFirst": "true", "chai.pwrule.special.allow": "true", "chai.pwrule.special.min": "1", "chai.pwrule.lower.max": "0", "chai.pwrule.numeric.max": "4", "password.policy.checkWordlist": "true", "chai.pwrule.ADComplexityMaxViolation": "2", "chai.pwrule.upper.max": "0", "chai.pwrule.numeric.min": "2", "chai.pwrule.unique.min": "0", "chai.pwrule.special.allowFirst": "true", "chai.pwrule.length.min": "8", "chai.pwrule.special.allowLast": "true", "password.policy.maximumConsecutive": "0", "password.policy.maximumOldPasswordChars": "1", "chai.pwrule.lifetime.minimimum": "0", "password.policy.regExNoMatch": "" },

User debug for 2.0.6

"publicUserInfoBean": { "userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI", "ldapProfile": "default", "userID": "MMusterm", "userGUID": "cabccec36b8fb14e3382cabccec36b8f", "userEmailAddress": "[email protected]", "language": "en", "passwordExpirationTime": "2023-08-10T12:10:15Z", "passwordLastModifiedTime": "2023-07-11T12:10:15Z", "lastLoginTime": "2023-07-12T10:02:47Z", "requiresNewPassword": false, "requiresResponseConfig": false, "requiresUpdateProfile": false, "requiresOtpConfig": false, "requiresInteraction": false, "passwordStatus": { "expired": false, "preExpired": false, "violatesPolicy": false, "warnPeriod": false }, "passwordPolicy": { "MinimumNonAlpha": "0", "MaximumUpperCase": "0", "MinimumLowerCase": "0", "UniqueRequired": "TRUE", "MaximumLength": "20", "DisallowedValues": "", "MinimumLifetime": "0", "AllowLastCharNumeric": "TRUE", "AllowNonAlpha": "TRUE", "ExpirationInterval": "2592000", "MaximumSequentialRepeat": "4", "MinimumUpperCase": "1", "DisallowedAttributes": "FullName\nGivenName\nSurname", "ChangeMessage": "", "MaximumNumeric": "0", "AllowSpecial": "TRUE", "MinimumNumeric": "2", "AllowNumeric": "TRUE", "MaximumSpecial": "0", "AllowLastCharSpecial": "TRUE", "MinimumLength": "8", "AllowFirstCharNumeric": "TRUE", "PolicyEnabled": "true", "ADComplexityMaxViolations": "2", "MinimumUnique": "4", "CaseSensitive": "TRUE", "AllowFirstCharSpecial": "TRUE", "MinimumSpecial": "1", "MaximumLowerCase": "0", "MaximumNonAlpha": "0" }, "passwordRules": [ "Password is case sensitive.", "Must be at least 8 characters long.", "Must be no more than 20 characters long.", "Must include at least 2 numbers.", "Must have at least 1 symbol (non letter or number) character.", "Must not repeat any character sequentially more than 4 times.", "Must have at least 1 uppercase letter.", "Must have at least 4 unique characters.", "Must not include part of your name or user name.", "New password may not have been used previously." 
] }, "passwordReadable": true, "passwordWithinMinimumLifetime": false, "permissions": { "PWMADMIN": "DENIED", "CHANGE_PASSWORD": "GRANTED", "ACTIVATE_USER": "DENIED", "SETUP_RESPONSE": "GRANTED", "GUEST_REGISTRATION": "DENIED", "PEOPLE_SEARCH": "GRANTED", "WEBSERVICE": "DENIED", "WEBSERVICE_THIRDPARTY": "DENIED" }, "ldapPasswordPolicy": { "policyMap": { "chai.pwrule.changeMessage": "", "chai.pwrule.upper.min": "1", "chai.pwrule.numeric.allow": "TRUE", "chai.pwrule.disallowedValues": "", "chai.pwrule.length.max": "20", "chai.pwrule.nonalpha.allow": "TRUE", "chai.pwrule.nonalpha.max": "0", "chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname", "chai.pwrule.uniqueRequired": "TRUE", "chai.pwrule.ADComplexity2008": "FALSE", "chai.pwrule.sequentialRepeat.max": "4", "chai.pwrule.lower.min": "0", "chai.pwrule.special.max": "0", "chai.pwrule.nonalpha.min": "0", "chai.pwrule.numeric.allowLast": "TRUE", "chai.pwrule.numeric.allowFirst": "TRUE", "chai.pwrule.policyEnabled": "true", "chai.pwrule.special.allow": "TRUE", "chai.pwrule.expirationInterval": "2592000", "chai.pwrule.special.min": "1", "chai.pwrule.lower.max": "0", "chai.pwrule.numeric.max": "0", "chai.pwrule.ADComplexityMaxViolation": "2", "chai.pwrule.upper.max": "0", "chai.pwrule.numeric.min": "2", "chai.pwrule.unique.min": "4", "chai.pwrule.special.allowFirst": "TRUE", "chai.pwrule.length.min": "8", "chai.pwrule.special.allowLast": "TRUE", "chai.pwrule.caseSensitive": "TRUE", "chai.pwrule.lifetime.minimimum": "0" } }, "configuredPasswordPolicy": { "policyMap": { "password.policy.maximumAlpha": "0", "chai.pwrule.repeat.max": "4", "chai.pwrule.upper.min": "0", "chai.pwrule.numeric.allow": "true", "chai.pwrule.disallowedValues": "password\ntest", "password.policy.disallowCurrent": "true", "password.policy.regExMatch": "", "chai.pwrule.length.max": "64", "chai.pwrule.nonalpha.allow": "true", "chai.pwrule.nonalpha.max": "0", "password.policy.ADComplexityLevel": "NONE", "password.policy.minimumStrength": 
"0", "chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn", "password.policy.charGroup.minimumMatch": "0", "chai.pwrule.sequentialRepeat.max": "4", "password.policy.minimumAlpha": "0", "chai.pwrule.lower.min": "0", "chai.pwrule.special.max": "0", "password.policy.allowMacroInRegexSetting": "true", "chai.pwrule.numeric.allowLast": "true", "chai.pwrule.nonalpha.min": "0", "password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]", "chai.pwrule.numeric.allowFirst": "true", "chai.pwrule.special.allow": "true", "chai.pwrule.special.min": "1", "chai.pwrule.lower.max": "0", "chai.pwrule.numeric.max": "4", "password.policy.checkWordlist": "true", "chai.pwrule.ADComplexityMaxViolation": "2", "chai.pwrule.upper.max": "0", "chai.pwrule.numeric.min": "2", "chai.pwrule.unique.min": "0", "chai.pwrule.special.allowFirst": "true", "chai.pwrule.length.min": "8", "chai.pwrule.special.allowLast": "true", "password.policy.maximumConsecutive": "0", "password.policy.maximumOldPasswordChars": "1", "chai.pwrule.lifetime.minimimum": "0", "password.policy.regExNoMatch": "" },

mtsadminhki avatar Jul 12 '23 11:07 mtsadminhki