Article Number | 000034705 |
Applies To | RSA Product Set: Identity Governance & Lifecycle; RSA Product Set: Access Fulfillment Express (AFX); RSA Version/Condition: All |
Issue | Active Directory (AD) account creation sometimes fails when using AFX fulfillment. The following error is seen in the change request window:
[-1] and message: 'LDAPExecception: Server refused to perform operation. Password does not meet complexity requirements (e.g. too short)'. If available...
|
Cause | The generated password variable (${GeneratedPassword}) is being used in the account template without a password policy. As a result, RSA Identity Governance and Lifecycle has no guidelines for generating a new password, and the generated value can fail the directory's complexity check. |
Resolution | Define a password policy in RSA Identity Governance and Lifecycle that aligns with the policy in the business source in which the account is being created. To do this:
- Enable Password Management:
  - Select Admin > System > Edit. Set Password Management: On
- Select Requests > Password Management > Password Policies.
- Create your own password policy or modify one of the default policies. The goal is a password policy that matches the policy of the business source, associated with that business source.
For example, let's say your AD system requires a password that is a minimum of eight characters in length and at least one of those characters must be non-alphabetic. In this case, you may use the Basic Password Policy and associate it with the AD directory. For more complex password policies, either use the Secure Password Policy, or define a new policy by choosing New....
|
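The alignment the resolution asks for can be checked before a policy is associated with the business source. The following is an added example, not RSA code: the `Policy` class and the function names are hypothetical, and the target rule is the eight-character, one-non-alphabetic example from this article rather than the full AD complexity rule.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Hypothetical policy model: the minimums a generator guarantees or a directory demands."""
    min_length: int
    min_non_alpha: int  # characters that are not letters

# The article's example directory rule: at least 8 characters, at least 1 non-alphabetic.
AD_EXAMPLE = Policy(min_length=8, min_non_alpha=1)

NON_ALPHA = string.digits + "!#$%&*+-=?@_"

def violations(password, policy):
    """Return the rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if sum(1 for c in password if not c.isalpha()) < policy.min_non_alpha:
        problems.append("too few non-alphabetic characters")
    return problems

def generator_satisfies(gen_policy, target_policy):
    """True when every minimum the generator guarantees meets the target's minimum."""
    return (gen_policy.min_length >= target_policy.min_length
            and gen_policy.min_non_alpha >= target_policy.min_non_alpha)

def generate(policy):
    """Generate a random password that is guaranteed to satisfy `policy`."""
    length = max(policy.min_length, policy.min_non_alpha)
    # Place the required non-alphabetic characters first, then fill and shuffle.
    chars = [secrets.choice(NON_ALPHA) for _ in range(policy.min_non_alpha)]
    chars += [secrets.choice(string.ascii_letters + NON_ALPHA)
              for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

if __name__ == "__main__":
    no_policy = Policy(min_length=6, min_non_alpha=0)   # constructed "no guidelines" case
    print("unconstrained generator aligned:", generator_satisfies(no_policy, AD_EXAMPLE))
    print("matching policy aligned:", generator_satisfies(AD_EXAMPLE, AD_EXAMPLE))
    print("sample violations:", violations("abcdefg", AD_EXAMPLE))
```

A generator policy that fails `generator_satisfies` can still produce compliant passwords by chance, which is why the failure described in the issue is intermittent.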