Password policy error message while modifying user(s) details.

Document ID : KB000048317
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Out of the box ENTM basically does not enforce a password policy to newly created users.

If such password policy is introduced later on and an existing user is to be modified, an error is output should its previous password not meet the new password policy.

However in the modify user dialog there is no option to change the password.

One can circumvent this issue by resetting the user's password before modifying the user details. Alternatively it is possible to stop password quality checking in ENTM upon modifying user details.

This document explains how the issue exhibits and the specific steps how to resolve it.

It only applies if

  • for the ENTM user store the Central Database is used (not for external LDAP as a user store)

  • only for the users which were created before implementing the password policy or while modification of existing users after an existing password policy has been tightened

Solution:

The current document showcases the steps to replicate and as well as the steps to fix the problem.

Step 1:

  • Create users in ENTM, with no password policy restrictions, if password policy is not enforced.

  • If Password policy is enabled, create the user by providing the password that matches the existing password policy.

Step 2:

  • Either enable / modify the existing password policy
    Below is a sample of a password policy being used for the purpose of this document.

    Figure 1

Step 3:

  • Search for users and attempt to modify the user details / fill in additional details and click the submit button.

  • For sake of this document, user 'TecDoc02' is being selected for modification

    Figure 2

    Figure 3

Step 4:

  • Upon submission of user details modification, an error message related to the password policy would appear. The error message text might differ based upon the password policy that is being implemented. This error message should not appear as there is no option for modifying the user password.

    Figure 4

Cause for the error message:

When we Create User/Modify User/Reset Password, it will fire all the password policy defined in managed password policy section of users link in Users & Groups section. These password policies will apply for the whole user directory. We cannot suppress or remove policy for any particular user; this is the functionality within IAM framework.

Solution/Workaround:

  1. Either reset the user password as per the policy using the reset password functionality in ENTM for the same user and then proceed with modify user. This action needs to be performed for all the users whose password is not complying with the current password policy.

    Users and Groups --> Users --> Reset User Password (Search for the user and reset the password in accordance with the password policy)

    Figure 5

  2. Follow the steps below which will remove sending password field while modifying user -OR- will provide the password field while modifying the user details.

    1. Go to Users & Groups -> Tasks -> Modify Admin Task -> search for [Modify User] and select to edit

      Figure 6

    2. The following screen appears when the edit option is clicked

      Figure 7

    3. Go to Tabs section and select "Profile" under the "Tab" column to edit

      Figure 8

    4. Select "Screen : Default user Profile" to edit

      Figure 9

    5. Select "Default User Profile " and click Edit button to edit the profile

      Figure 10

    6. Select and Delete the password field if you delete the password field, it will not be validated while modifying the user.

      Figure 11

      Figure 12

    7. Either delete the password field as per the steps above in 'F'. Or select the password field to edit and select style as password. If you select password in this field, it will provide the password field while modifying user(s).

      Figure 13

      Figure 14

      End of the document.