09/20/2022 05:59 PM
We use the SavPwFilter to synchronise AD with OpenLDAP. It is working, except users must include a special character in their password. AD does not require passwords to contain a special character. The SavPwFilter.json has filter:enabled:false.
I suspect the SaviyntDefaultRule password policy is enforcing this, as it does require a special character. I have tried to modify the SaviyntDefaultRule but it appears to be read-only. I have created an application password policy that does not require a special character and applied it to the associated Security Systems, but this did not solve the problem.
In the SavPwFilter.log this is a password change with a special character:
2022-09-21T12:17:37ℹ️820: curlInterface-PostURL:: http response status code is 200 []
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword::PostURL return result [0]
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword:: Response Data: {"Status":"Success","TaskIDs":[888768],"errorCode":"0","message":"Password updated successfully"}
and this is the password change without a special character:
2022-09-21T12:18:53ℹ️820: curlInterface-PostURL:: http response status code is 412 []
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword::PostURL return result [57756]
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword:: Response status code: 412, Error Response:{"errorCode":"1","message":"password does not meet specified criteria"}
09/20/2022 06:25 PM
Solved.
There is an undocumented name-value pair in SavPwFilter.json (search saviynt.freshdesk.com for "Configuring Password Synchronization from Active Directory"). You need to set it as follows:
"validateagainstpolicy": "N"
09/21/2022 06:49 AM
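Added example, not part of the original thread and not Saviynt's code: a small Python triage script that reads SavPwFilter.log lines like those quoted in the question and separates synced password changes from those rejected with HTTP 412. The sample log is constructed from the excerpts above; the function names and outcome labels are assumptions of this example.

```python
import json
import re
from collections import Counter

# Constructed sample, copied from the two SavPwFilter.log excerpts in the thread
# (the field between the timestamp and "820" is kept as it appears on the page).
SAMPLE_LOG = """\
2022-09-21T12:17:37ℹ️820: curlInterface-PostURL:: http response status code is 200 []
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword::PostURL return result [0]
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword:: Response Data: {"Status":"Success","TaskIDs":[888768],"errorCode":"0","message":"Password updated successfully"}
2022-09-21T12:18:53ℹ️820: curlInterface-PostURL:: http response status code is 412 []
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword::PostURL return result [57756]
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword:: Response status code: 412, Error Response:{"errorCode":"1","message":"password does not meet specified criteria"}
"""

# Matches only the ChangePassword lines that carry a JSON response body.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}).*?"
    r"curlInterface-ChangePassword::\s*"
    r"(?:Response status code:\s*(?P<status>\d{3}),\s*Error Response:|Response Data:)\s*"
    r"(?P<body>\{.*\})\s*$"
)

def classify(status, body):
    """Label one response; the labels are this example's own naming."""
    if str(body.get("errorCode")) == "0":
        return "synced"
    if status == 412:  # the status the thread shows for a policy rejection
        return "policy_rejected"
    return "other_error"

def parse_results(text):
    """Return one dict per ChangePassword response line found in the log text."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # PostURL lines and unrelated entries
        try:
            body = json.loads(m.group("body"))
        except json.JSONDecodeError:
            continue  # truncated or malformed response body
        status = int(m.group("status")) if m.group("status") else None
        results.append({"ts": m.group("ts"), "status": status,
                        "outcome": classify(status, body),
                        "message": body.get("message", "")})
    return results

def summarize(text):
    """Count outcomes so a run of policy rejections stands out."""
    return Counter(r["outcome"] for r in parse_results(text))
```

Running `summarize()` over the log before and after setting `"validateagainstpolicy": "N"` shows whether the 412 rejections have stopped.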