So I have seen other threads with similar errors but after reading
through those I have not been able to solve my issue so I'm hoping for
some fresh ideas.

SSPR v3.3.1.0 b110 r38632 pointing to IDM 4.5.3 (eDir 8.8.8)

Our admin accounts can login and manage passwords through the Help Desk
modules with no problem. Non-admin users who meet the Help Desk
profiles can access the Help Desk module, search and select users, view
password history, basically do everything BUT change passwords. When
the non-admin users click the Change Password button they are allowed to
enter a new password or select a randomly generated password (which
generates fine according to the password policies) but regardless of
what password value is entered/selected the message "Password does not
meet requirements: undefined" appears in the SSPR UI and the password is
not changed.

This appears to be a rights issue of some kind in IDM for these users
(who are members of a group to meet the Help Desk profile filter) but I
am unable to figure out what rights need to be there.

I have attempted to set the groups security equal to the PWMProxy user
with no luck.

I have attempted to add the Password Management, pwmEventLog, and
pwmLastPwdUpdate rights to the groups for the Users OU (to match the
proxy user settings) with no luck.

I have even enabled the Use Proxy Account option for the Help Desk
profile with no luck (which may indicate a rights issue for my proxy
account too?).

I have seen some posts about adding various ACLs to individual users but
we are using multiple Help Desk profiles with multiple users in a large
organization (600,000+ users) so managing individual ACLs is not
something we want to do manually and inclusion into these
groups/profiles is not based on any identifiable data so automation is
not an option.

Any ideas would be greatly appreciated. Thanks in advance.


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=57000