I am posting this here because Novell usually include Password Self Service
etc as a feature of Identity Management. If anyone considers there's a better
forrum for the post, I'd really appreciate you letting me know so I can move
it.


Anyway.....

In our set up we have Active Directory configured with the Microsoft Complex
Password enabled. Thus for hopefully perfectly synchronised passwords we
have configured our eDirectory Password Policy as "Use Microsoft Complexity
Policy".

We have dicovered though, that some users' passwords have been rejected by
Active Directory and investigation has revealed that these are users who
have inserted space characters in their passwords. We tried it out and discovered
that both the Novel Client 4.91SP4 and the fully up-to-date UserApp both
permit spaces in passwords when the user is changing them. We have Security
Services 2.0.5 and fully patched eDirectory 8.7.3.x


Spaces are not permitted by Microsoft in the Complex Password, I have tried
inserting spaces using the the MMC's Reset Password function and it squeals.
Only "()'~!@#$%^&*-+=|\{}[];:"`<>,.?_ and are allowed and thus AD rejects
the inbound password from eDirectory resulting in a mismatch of passwords
between eDir and AD

I have looked for patches for NMAS and Googled for other reports of this
problem without success.


So I wonder has anyone else discovered this? Is there a patch that anyone
knows of to cure it? We have discovered that within an hour of introducing
Password Policies, 8% of our users had decided to use a space as their special
character



Rgds - M