Out of the box ENTM basically does not enforce a password policy to newly created users.
If such password policy is introduced later on and an existing user is to be modified, an error is output should its previous password not meet the new password policy.
However in the modify user dialog there is no option to change the password.
One can circumvent this issue by resetting the user's password before modifying the user details. Alternatively it is possible to stop password quality checking in ENTM upon modifying user details.
This document explains how the issue exhibits and the specific steps how to resolve it.
It only applies if
- for the ENTM user store the Central Database is used (not for external LDAP as a user store)
- only for the users which were created before implementing the password policy or while modification of existing users after an existing password policy has been tightened
The current document showcases the steps to replicate and as well as the steps to fix the problem.
- Create users in ENTM, with no password policy restrictions, if password policy is not enforced.
- If Password policy is enabled, create the user by providing the password that matches the existing password policy.
- Either enable / modify the existing password policy
Below is a sample of a password policy being used for the purpose of this document.
- Search for users and attempt to modify the user details / fill in additional details and click the submit button.
- For sake of this document, user 'TecDoc02' is being selected for modification
- Upon submission of user details modification, an error message related to the password policy would appear. The error message text might differ based upon the password policy that is being implemented. This error message should not appear as there is no option for modifying the user password.
Cause for the error message:
When we Create User/Modify User/Reset Password, it will fire all the password policy defined in managed password policy section of users link in Users & Groups section. These password policies will apply for the whole user directory. We cannot suppress or remove policy for any particular user; this is the functionality within IAM framework.
- Either reset the user password as per the policy using the reset password functionality in ENTM for the same user and then proceed with modify user. This action needs to be performed for all the users whose password is not complying with the current password policy.
Users and Groups --> Users --> Reset User Password (Search for the user and reset the password in accordance with the password policy)
- Follow the steps below which will remove sending password field while modifying user -OR- will provide the password field while modifying the user details.
- Go to Users & Groups -> Tasks -> Modify Admin Task -> search for [Modify User] and select to edit
- The following screen appears when the edit option is clicked
- Go to Tabs section and select "Profile" under the "Tab" column to edit
- Select "Screen : Default user Profile" to edit
- Select "Default User Profile " and click Edit button to edit the profile
- Select and Delete the password field if you delete the password field, it will not be validated while modifying the user.
- Either delete the password field as per the steps above in 'F'. Or select the password field to edit and select style as password. If you select password in this field, it will provide the password field while modifying user(s).
End of the document.