000034705 - RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) reports this item failed: password does not meet complexity requirements when creating an AD account

Document created by RSA Customer Support Employee on Oct 28, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034705
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Product Set: Access Fulfillment Express (AFX)
RSA Version/Condition: All
IssueSometimes Active Directory (AD) account creation fails using AFX fulfillment. The following error is seen in the change request window:

[-1] and message: 'LDAPExecception: Server refused to perform operation.
Password does not meet complexity requirements (e.g. too short)'.
If available...

CauseThe generate password (${GeneratedPassword} ) variable is being used in the account template without a password policy. As a result, RSA Identity Governance and Lifecycle has no guidelines for generating a new password.
ResolutionDefine a password policy in RSA Identity Governance and Lifecycle that aligns with the policy in the Business source in which the account is being created.
To do this:
  1. Enable Password Management:
  2. Select Admin > System > Edit.  Set Password Management: On
  3. Select Requests > Password Management > Password Policies.
  4. Create your own password policy or modify one of the default policies. The purpose is to define a password policy the same as the business source and associate the policy with that business source.
For example, let's say your AD system requires a password that is a minimum of eight characters in length and at least one of those characters must be non-alphabetic. In this case, you may use the Basic Password Policy and associate it with the AD directory. For more complex password policies, either use the Secure Password Policy, or define a new policy by choosing New....
User-added image