Forum Discussion
NimbostratusAPM AD Query password change fails if User Display Name contains brackets ( )
Hello,
Does anyone have users in Active Directory that contain a set of brackets in the users' Display Name ?
I am not sure if I am going mad but we have found that we have some users that have something like (EXT) in their display name and when this user tries to change their password we get this delightful error in the apm log when the password change is attempted in the AD Query :
err apd[4851]: 01490000:3: AccessPolicyD.cpp func: "process_request()" line: 715 Msg: EXCEPTION Unmatched ( or (
FAILS: User Display Name:Doe John, ABC-DEF-XYZ (EXT)
WORKS: User Display Name:Doe John, ABC-DEF-XYZ
Assuming this is a bug I will open a case but "I can't believe it .."
thanks,
3 Replies
This is likely defect ID 442699. The problem occurs when Password Complexity Check function is enabled and displayName contains certain special characters.
Please mention this to support. The problem will be fixed in upcoming rollup hotfix packages, including 11.4.1 hf4.
In the meantime, you should be able to disable "Complexity check for Password Reset" to work around the problem.
Martin_RobbinsThat is exactly the issue, when I disable the complexity check then the password change goes through successfully.
thanks
Super! Thanks for the confirmation. The password complexity check feature essentially enables APM to do some special queries to determine if the proposed password from the user matches the policies in AD. With it enabled, the user will get an error before the password change is attempted if the complexity requirements are not met. If it's disabled, then the user will attempt the password change, but it will fail if complexity is not met.
