
Reset Password functionality does not consider directory password configuration

    • Bug
    • Resolution: Fixed
    • Medium
    • 2.1
    • 1.3.2
    • Core features
    • None
    • standalone, java version "1.5.0_11", windows xp professional

      The reset password functionality does not work when a directory password configuration has been set. For example, create a directory, set a password regex and try to reset a user's password in that directory. The password reset fails. This is described in more detail in this issue http://jira.atlassian.com/browse/CWD-362.

      I don't think this is a duplicate as the CWD-362 issue simply requests that the error reporting be fixed. In this issue I am requesting that the reset password functionality should respect the password configuration set for a directory. If not, it cannot be used when a password configuration is set.

            [CWD-1014] Reset Password functionality does not consider directory password configuration

            shihab added a comment -

            Implementation of a regex generator will likely be non-trivial and randomly generating a password till it matches the regexp is non-deterministic.

            An easier approach would be to allow users to specify a password generation pattern per directory as either:

            • letter (l): a-zA-Z
            • digit (d): 0-9
            • symbol (s): ~!@#$%^&*(),.

            So someone with the restriction of "at least six characters with at least one number and at least one symbol" could create a password generation pattern like "llldllls". This is a subset of all possible strings that match the restriction, but it is much easier to specify and generate. The password validation pattern could still be the original regexp.


            Will Phillipson added a comment -

            Hi,

            Not sure if this is the appropriate place to comment, but having the same issue but using an external Active Directory directory. AD has a requirement of "at least six characters with at least one number and at least one symbol". Trying to reset a password for an AD user usually fails with "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0" due to Crowd generating an invalid pw for AD.

            It would be nice if we could define a Regex expression for generated passwords for each directory, whether an internal or external directory.

            We're running Crowd 2.0.1 (Build:#408 - 27-08-2009 10:10:32), using SSL to connect to AD on Windows 2008.

            Thanks.

            Alex James added a comment -

            Hi,

            This is very important for us too. We don't use external directories for security reasons so the inherent functionality of the Crowd internal directory is critical. It seems surprising to me that Crowd isn't checking its own password strength requirements.

            Here's what we have today:

            ^(?=.*[0-9])(?=.*[a-zA-Z])(?!.*\s).{8,}$
            

            This should be equal to "at least 8 characters and at least 1 digit".

            Yet, Crowd's password generator doesn't meet this roughly 1 out of every 4 times. For the end user trying to reset their password, this results in a java stack error. Harumph.
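An added example (not Crowd's code and not from any commenter) of the pattern-based generation shihab proposes, checked against the validation regex Alex James quotes before the password is returned. The slot shuffle and the `naive_failure_rate` model (8 characters drawn uniformly from a-zA-Z0-9) are assumptions; the page does not say how Crowd generates passwords.

```python
import re
import secrets
from fractions import Fraction

# Character classes exactly as listed in shihab's comment.
CLASSES = {
    "l": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": "~!@#$%^&*(),.",
}

# Directory validation regex quoted in Alex James's comment.
DIRECTORY_REGEX = re.compile(r"^(?=.*[0-9])(?=.*[a-zA-Z])(?!.*\s).{8,}$")


def generate(pattern):
    """One CSPRNG-chosen character per pattern slot, e.g. 'llldllls'."""
    chars = [secrets.choice(CLASSES[slot]) for slot in pattern]
    # Assumption beyond the proposal: Fisher-Yates shuffle so the digit and
    # symbol positions are not fixed by the pattern.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def reset_password(pattern, policy=DIRECTORY_REGEX):
    """Generate, then validate with the same regex used for user-chosen
    passwords, so a misconfigured pattern fails loudly at reset time."""
    candidate = generate(pattern)
    if not policy.fullmatch(candidate):
        raise ValueError("generated password rejected by directory policy")
    return candidate


def naive_failure_rate(length=8):
    """Exact chance that `length` characters drawn uniformly from a-zA-Z0-9
    (a hypothetical generator) fail DIRECTORY_REGEX: no digit or no letter."""
    n = len(CLASSES["l"]) + len(CLASSES["d"])
    no_digit = Fraction(len(CLASSES["l"]), n) ** length
    no_letter = Fraction(len(CLASSES["d"]), n) ** length
    return no_digit + no_letter  # disjoint events, so probabilities add


if __name__ == "__main__":
    print(reset_password("llldllls"))
    print(float(naive_failure_rate()))
```

Under that assumed model the failure rate for length 8 is about 0.245, in line with the "roughly 1 out of every 4" reported above.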


            Manish Shah added a comment -

            Hi,

            This issue has been quiet for a while. Please can you give me a view of which version you are planning to fix this in?

            Cheers,
            Manish

            Manish Shah added a comment -

            Hi Donna,

            This forum post describes the issue in more detail with some example
            regex. Let me know if you need any more info.

            http://forums.atlassian.com/thread.jspa?messageID=257278599&#257278599

            Cheers,
            Manish

            DonnaA added a comment -

            Manish,

            May I ask what password regex you were using in a Crowd directory that was not respected by the reset password functionality?

            Thanks,
            Donna


              rbattaglin Renan Battaglin
              35675a1fff3b Manish Shah