Reg ex for password validation

hi help me for password validation......
Password should contain 6 to 8 characters, at least one letter and at least one number, contain no spaces and no special characters (e.g. &, >, *,$)

String[] tests = {"abc1def", "2abcdef", "abcdef", "123456"};
for (String t : tests) {
  // The two lookaheads require at least one digit and at least one letter
  if (t.matches("^(?=\\D*\\d)(?=[^a-zA-Z]*[a-zA-Z]).*$")) {
    System.out.println("Accepted: " + t);
  } else {
    System.out.println("Rejected: " + t);
  }
}
// Accepted: abc1def
// Accepted: 2abcdef
// Rejected: abcdef
// Rejected: 123456

@OP: this does not answer your question, but it will get you started. Try to finish it yourself.
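
One way to cover the whole policy stated in the question, as an added example that is not part of the original thread: a single regex beside a rule-by-rule check that reports which rule failed. The class name PasswordPolicyCheck, its methods and the extra test strings are made up for this illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not from the thread.
public class PasswordPolicyCheck {
    // Policy from the question: 6 to 8 characters, letters and digits only,
    // at least one letter and at least one digit.
    static final int MIN_LEN = 6;
    static final int MAX_LEN = 8;

    // The lookaheads assert "some letter" and "some digit". The character class
    // with {6,8} enforces the length and rejects spaces and special characters,
    // which the ".*" in the answer's pattern lets through.
    static final Pattern POLICY = Pattern.compile(
            "(?=.*[A-Za-z])(?=.*[0-9])[A-Za-z0-9]{" + MIN_LEN + "," + MAX_LEN + "}");

    static boolean isValid(String password) {
        // matches() anchors at both ends, so no ^ or $ is needed
        return password != null && POLICY.matcher(password).matches();
    }

    // Same policy checked rule by rule, so the caller can say what was wrong.
    static List<String> violations(String password) {
        List<String> out = new ArrayList<>();
        if (password == null) {
            out.add("password is missing");
            return out;
        }
        if (password.length() < MIN_LEN || password.length() > MAX_LEN) {
            out.add("length must be " + MIN_LEN + " to " + MAX_LEN);
        }
        boolean letter = false, digit = false, other = false;
        for (int i = 0; i < password.length(); i++) {
            char c = password.charAt(i);
            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
                letter = true;
            } else if (c >= '0' && c <= '9') {
                digit = true;
            } else {
                other = true; // space, punctuation, non-ASCII letter, control char
            }
        }
        if (!letter) out.add("needs at least one letter");
        if (!digit) out.add("needs at least one digit");
        if (other) out.add("only letters and digits are allowed");
        return out;
    }

    public static void main(String[] args) {
        // Constructed test inputs: the four from the thread plus edge cases.
        String[] tests = {"abc1def", "2abcdef", "abcdef", "123456",
                          "abc1", "abc1defgh", "abc 1def", "abc1&ef", "\u00e4bc1def"};
        for (String t : tests) {
            List<String> v = violations(t);
            if (isValid(t) != v.isEmpty()) {
                throw new AssertionError("regex and rule checks disagree on: " + t);
            }
            System.out.println((v.isEmpty() ? "Accepted: " : "Rejected: ") + t + " " + v);
        }
    }
}
```

The 6-to-8 length limit is the poster's requirement; only MIN_LEN and MAX_LEN need to change for a different limit.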

Similar Messages

  • Why are errors for password validation in struts 1.2.4 not being displayed

    I have the following in my validation.xml file
    <field property="passwordconfirm"
    depends="required">
    <arg0 key="registration.passwordconfirm"/>
    </field>
    In my jsp I have the following
    Password Confirm<html:password property="passwordconfirm" size="10" />
         <html:errors property="passwordconfirm"/>
    In my ApplicationResources.properties file I have the following
    errors.required={0} is required.
    registration.firstname = First name
    registration.passwordconfim= Password
    Other text fields work fine i.e. the errors are shown

    sorry this should read why no errors shown for password validation in struts 1.2.4.

  • Custom password validation

    hi,
    I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
    also, i would like to know how to customize the message that appears.
    example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
    package oracle.apps.fnd.security;

    import oracle.apps.fnd.common.VersionInfo;

    // Referenced classes of package oracle.apps.fnd.security:
    // PasswordValidation
    public class AppsPasswordValidationCUS implements PasswordValidation {

        public String getErrorStackApplicationName() {
            return "FND";
        }

        // Message name set by the most recent failed validate() call
        public String getErrorStackMessageName() {
            return m_errorStackMessageName;
        }

        public boolean validate(String username, String password) {
            if (password == null || password.length() == 0 || username == null || username.length() == 0) {
                m_errorStackMessageName = "PASSWORD-INVALID";
                return false;
            }
            if (password.length() < 6) {
                m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
                return false;
            }
            if (!validateLettersAndDigits(password)) {
                m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
                return false;
            }
            if (!validateNoUsername(username, password)) {
                m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
                return false;
            }
            if (!validateNoRepeats(password)) {
                m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
                return false;
            }
            return true;
        }

        // True when the password has at least one letter and at least one digit
        private boolean validateLettersAndDigits(String p_password) {
            boolean flag = false;
            boolean flag1 = false;
            for (int i = 0; i < p_password.length(); i++) {
                if (Character.isLetter(p_password.charAt(i))) {
                    flag = true;
                }
                if (Character.isDigit(p_password.charAt(i))) {
                    flag1 = true;
                }
            }
            return flag && flag1;
        }

        // True when the password does not contain the user name (case-insensitive)
        private boolean validateNoUsername(String p_username, String p_password) {
            return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
        }

        // True when no character is immediately repeated
        private boolean validateNoRepeats(String p_password) {
            for (int i = 1; i < p_password.length(); i++) {
                if (p_password.charAt(i) == p_password.charAt(i - 1)) {
                    return false;
                }
            }
            return true;
        }

        private String m_errorStackMessageName;
    }

    Hi Colin,
    We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
    Bug Report Form
    An error has occurred while executing the application.
    Your browser doesn't support sending mail automatically!
    Please send E-Mail to <a =""></a> with the following information:
    Your Name
    Organization
    E-Mail Address
    Phone Number
    Comment
    Make sure to append the following traceback in the mail.
    Traceback Traceback is unavailable.
    Product Lost Password ManagementVersion
    Platform Linux
    Any clue as when we will witness this?
    -Mahendra.

  • Pam.conf does not use ldap for password length check when changing passwd

    I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
    I have dsee 6.0 installed on a solaris 10 server (client).
    I have a solaris 9 server (server) set up to use ldap authentication.
    bash-2.05# cat /var/ldap/ldap_client_file
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= X, Y
    NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
    NS_LDAP_CACHETTL= 43200
    NS_LDAP_PROFILE= tls_profile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_BIND_TIME= 10
    bash-2.05# cat /var/ldap/ldap_client_cred
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
    NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
    bash-2.05# cat /etc/nsswitch.conf
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: ldap [NOTFOUND=return] files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: ldap
    automount: files ldap
    aliases: files ldap
    # for efficient getservbyname() avoid ldap
    services: files ldap
    sendmailvars: files
    printers: user files ldap
    auth_attr: files ldap
    prof_attr: files ldap
    project: files ldap
    bash-2.05# cat /etc/pam.conf
    #ident "@(#)pam.conf 1.20 02/01/23 SMI"
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1 debug
    login auth required pam_dhkeys.so.1 debug
    login auth required pam_dial_auth.so.1 debug
    login auth binding pam_unix_auth.so.1 server_policy debug
    login auth required pam_ldap.so.1 use_first_pass debug
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1 use_first_pass
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1 use_first_pass
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authenctication
    other auth requisite pam_authtok_get.so.1 debug
    other auth required pam_dhkeys.so.1 debug
    other auth binding pam_unix_auth.so.1 server_policy debug
    other auth required pam_ldap.so.1 use_first_pass debug
    # passwd command (explicit because of a different authentication module)
    passwd auth binding pam_passwd_auth.so.1 server_policy debug
    passwd auth required pam_ldap.so.1 use_first_pass debug
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1 debug
    other account required pam_projects.so.1 debug
    other account binding pam_unix_account.so.1 server_policy debug
    other account required pam_ldap.so.1 no_pass debug
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1 debug
    other password requisite pam_authtok_get.so.1 debug
    other password requisite pam_authtok_check.so.1 debug
    other password required pam_authtok_store.so.1 server_policy debug
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass
    I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client:
    May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
    May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
    May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
    May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
    May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
    May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
    May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
    May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
    May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
    May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
    May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
    If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
    bash-2.05$ passwd
    passwd: Changing password for VV
    Enter existing login password:
    New Password:
    passwd: Password too short - must be at least 8 characters.
    Please try again
    May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
    May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
    May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
    May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
    May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
    May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
    May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
    I am using the default policy on the directory server which states a minimum password length of 6 characters.
    server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
    pwd-accept-hashed-pwd-enabled : N/A
    pwd-check-enabled : off
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 1d
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : off
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : off
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : disabled
    pwd-max-failure-count : 3
    pwd-max-history-count : disabled
    pwd-min-age : disabled
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : CRYPT
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : off
    pwd-strong-check-require-charset : lower
    pwd-strong-check-require-charset : upper
    pwd-strong-check-require-charset : digit
    pwd-strong-check-require-charset : special
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : off
    Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8. It is clearly not using the policy from the directory server but checking locally. So I can log in OK using the ldap server for authentication, but when I try to change the password it does not use the policy from the server, which says I only need a minimum length of 6 characters.
    I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatibility in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
    Edited by: ericduggan on Sep 8, 2008 5:30 AM

    you can try passwd -r ldap for changing the ldap passwds...

  • ICal yields "Error during PUT for mailto:valid@email: iMIP request failed"

    Hello,
    I'm trying to bring up an iCal server (using Mac OS X Lion 10.7.3 Server on a Mac Mini). The basic configuration runs fine. But when I tried to enable eMail invitations, I got stuck with those messages in the error log:
    [twistedcaldav.scheduling.imip#error] Could not do server-to-imip request : <twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x10075e5d0> User timeout caused connection failure.
    [twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error during PUT for mailto:valid@email: iMIP request failed
    My configuration settings:
    calendar:Scheduling:CalDAV:EmailDomain = ""
    calendar:Scheduling:CalDAV:HTTPDomain = ""
    calendar:Scheduling:CalDAV:AddressPatterns = _empty_array
    calendar:Scheduling:iMIP:Sending:Server = "valid.mail.server"
    calendar:Scheduling:iMIP:Sending:UseSSL = no
    calendar:Scheduling:iMIP:Sending:Username = "valid@email"
    calendar:Scheduling:iMIP:Sending:Address = "valid@email"
    calendar:Scheduling:iMIP:Sending:Password = "safe_password"
    calendar:Scheduling:iMIP:Sending:Port = 25
    calendar:Scheduling:iMIP:Enabled = yes
    calendar:Scheduling:iMIP:MailGatewayPort = 62310
    calendar:Scheduling:iMIP:Receiving:Server = "valid.mail.server"
    calendar:Scheduling:iMIP:Receiving:UseSSL = yes
    calendar:Scheduling:iMIP:Receiving:Username = "valid_email"
    calendar:Scheduling:iMIP:Receiving:PollingSeconds = 30
    calendar:Scheduling:iMIP:Receiving:Type = "imap"
    calendar:Scheduling:iMIP:Receiving:Password = "safe_password"
    calendar:Scheduling:iMIP:Receiving:Port = 993
    calendar:Scheduling:iMIP:AddressPatterns:_array_index:0 = "mailto:.*"
    calendar:Scheduling:iMIP:MailGatewayServer = "valid.mail.server"
    calendar:Scheduling:iSchedule:Enabled = no
    calendar:Scheduling:iSchedule:Servers = "servertoserver.xml"
    calendar:Scheduling:iSchedule:AddressPatterns = _empty_array
    It does not even try to connect to the given smtp server. How do I proceed?

    I dug into the sources, and am now smarter
    the above settings are invalid, because of the gateway (this has to be iCal itself):
    calendar:Scheduling:iMIP:MailGatewayServer = "localhost"
    Now the IMAP server is being asked, but now I have the next problem:
    [mailgateway] 2012-03-27 11:14:37+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadFactory#debug] Scheduling next IMAP4 poll
    [mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
    [mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] IMAP servergreeting
    [mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 0001 AUTHENTICATE PLAIN
    [mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: +
    [mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 1GNhbEwhZHNwZXJ0LmRlAFlpZXE5YW==
    [mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: 0001 NO [AUTHENTICATIONFAILED] Authentication failed.
    [mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] IMAP authenticate failed for valid@email, trying login
    [mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 0002 LOGIN "valid@email" "valid_password"
    [mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: 0002 NO [AUTHENTICATIONFAILED] Authentication failed.
    [mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#error] IMAP login failed for valid@email
    [mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadFactory#debug] IMAP factory connection lost

  • Mapping file for Password Sync

    The directions are -
    Synchronizing Passwords from Oracle Internet Directory to Microsoft Active Directory - Before Active Directory Connector can synchronize passwords in this direction, do the following:
    Add a mapping rule that enables password synchronization. For example:
    Userpassword: : :inetorgperson:unicodepwd: :user
    Req -
    Can someone share their mapping file which they would have used for password sync? You can mail it to me at [email protected]
    Regards,
    Rashid

    Hi,
    Below is the mapping I used :
    DomainRules
    cn=users,dc=test,dc=com:cn=users,dc=coreid,dc=test,dc=com
    AttributeRules
    # Organizational Unit Mapping
    ou: : :organizationalunit:ou: : organizationalunit
    # Container mapping
    cn: : :orclcontainer: cn: :Container
    #Domain cannot be exported
    #name: : :domain: dc: :domain
    cn:1: :inetorgperson:cn: :User
    uid|cn: : :inetorgperson:SAMAccountName: :User
    #orclSAMAccountName:1: :inetorgperson:SAMAccountName: :User: truncl(orclSAMAccountName,'$')
    #cn:1: :inetortperson:SAMAccountName: :User
    # attribute rule for mapping Active Directory LOGIN id
    #mail: : :person:sn: :User:
    mail: : :person:UserPrincipalName: :User:
    # attribute rule for mapping entry and to create orclUserV2
    # There should be a mapping rule with orcluserv2 objectclass
    # without which the PORTAL may not function properly
    sn: : :inetorgperson:sn: :person
    givenname: : :inetorgperson:givenname: :person
    cn: : :person:displayName: :person
    # mail needs to be assigned valid value for default settings ing DAS
    mail: : :inetorgperson:mail: :person
    userpassword: : :inetorgperson:unicodepwd: :person:
    cn: : :person:useraccountcontrol: :person:"512"
    mobile: : :inetorgperson:mobile: :organizationalperson:
    orclisenabled: : :inetorgperson:obuseraccountcontrol: :oblixOrgPerson:"ACTIVATED"
    # GROUP ENTRY MAPPING RULES
    cn: : :orclgroup:cn: :group:
    # This will work successfully only when cn doesn't have any
    # special characters associated with it.
    cn: : :orclgroup:SAMAccountName: :group:
    uniquemember: : :groupofuniquenames:member: :group:

  • Bringing back an old password validation rule

    Good afternoon
    On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
    While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it affect all users on the system, it only works on the second logon and not at validation time.
    If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
    Please advise.
    Kind Regards
    Moggie

    Hi Moggie,
    > Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
    A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
    Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
    While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
    > If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
    There you have it. 
    Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
    In case you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
    Cheers,
    Julius

  • Extend WL Authentication Provider Password Validation

    Hi folks
    I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
    http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
    Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
    Thanks,
    Paul

    1- How can an authentication provider supports password validation providers ?
    We decided to make our own authentication provider so I doubt we support it
    Yes, your custom authentication provider will not support it.
    2- How it is suppose to work ?
    Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
    The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
    Have you configured a database authenticator? It looks like you are modifying the password in the database directly (using stored procedures), so the Password Validator will not come into the picture at all.

  • Regex Password validator

    I faced some problem while validating a password that will contain minimum 5 characters using regex.
    I am using a very simple regex as below:
    String REGEX_PATTERN = "(?=.*[a-z|A-Z]{5,}).{8,}";
    It says password must contains minimum 5 characters(a-z|A-Z), and password length will be minimum 8 chars.
    It is working fine for the string "aasaT124". But fails for the string "aa12sa4T".
    Clearly the difference is regex matches only if the characters are sequential.
    The String for which validation fails also contains minimum 5 characters but characters are not sequential.
    Pls tell me where is the problem in my regex that introduces this problem. I just need to validate simply whether my string contains minimum 5 characters or not independent of any position or sequence.

    836548 wrote:
    masijade wrote:
    836548 wrote:
    The regex pattern should be like below :
    "(?=.*[a-z|0-9|A-Z]{5,}+).{8,}"
    it will work.
    That does not fulfill the requirements, however.
    Yes you are right..
    I think this cannot be achieved using regex (not sure) . You can use the javascript function or java method to validate the password.
    As I explained in my first response it most definitely can be achieved using a regex. The change to the OP's original regex is almost trivial!
    P.S. Why do people think they need to use '|' inside a character class to mean 'or' ? 
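
The difference between a quantified character class and a quantified group, as an added example that is not part of the original thread: the question's pattern beside one possible corrected form, cross-checked against a plain letter count. The class name LetterCountRegex, the FIXED pattern and the extra test strings are assumptions made for this illustration, not the fix the respondent had in mind.

```java
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not from the thread.
public class LetterCountRegex {
    // Pattern from the question. {5,} applies to the character class itself, so
    // it demands five characters in a row, and '|' inside [] is a literal pipe.
    static final Pattern ORIGINAL = Pattern.compile("(?=.*[a-z|A-Z]{5,}).{8,}");

    // Quantify a group of "skip non-letters, then one letter" instead: five
    // repetitions find five letters anywhere in the string.
    static final Pattern FIXED = Pattern.compile("(?=(?:[^a-zA-Z]*[a-zA-Z]){5}).{8,}");

    // Reference implementation used to cross-check the regex.
    static int countLetters(String s) {
        int n = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed inputs (no line terminators, which '.' would not match).
        String[] tests = {"aasaT124", "aa12sa4T", "|||||123", "a1b2c3d4", "abcde12"};
        for (String t : tests) {
            boolean original = ORIGINAL.matcher(t).matches();
            boolean fixed = FIXED.matcher(t).matches();
            boolean expected = t.length() >= 8 && countLetters(t) >= 5;
            if (fixed != expected) throw new AssertionError("unexpected result for " + t);
            System.out.printf("%-9s letters=%d original=%-5b fixed=%b%n",
                    t, countLetters(t), original, fixed);
        }
    }
}
```

The "|||||123" row shows the effect of the stray '|': the original pattern accepts a string with no letters at all.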

  • BizTalk Schema Email address/Password Validation

    Hi,
    I want to develop a schema which has the email address and password field.
    We have particular format to validate the email address and password format.  I am not sure how to check those setting for the schema to validate the incoming file.
    Please help me to solve the issue.
    Regards, Aboorva Raja R Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Hi,
    You should use the Pattern property.
    Like for Email you can set Base Data Type property with xs:string, setting the Data Type property with "Email" and paste "\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" (without the ") into the Pattern property.
    You can have Pattern on similar lines for Password as well.
    Refer: Email address format validation in XSD schemas
    Rachit
    Please mark as answer or vote as helpful if my reply does

  • I did force shutdown on my MacBook Pro (2006 year, 15.4"), so, when I tried to boot, it shows apple logo (as usual) and shuts down. When I booting MacBook with Option key pressed it shows lock icon and field for password. Please help me.

    I did force shutdown on my MacBook Pro (2006 year, 15.4"), so, when I tried to boot, it shows apple logo (as usual) and shuts down. When I booting MacBook with Option key pressed it shows lock icon and field for password. Please help me.

    Wait for advice on repairing a damaged filesystem.  Force shutdown stops processes in mid-stream and leaves some parts not valid.
    Do not proceed until you get that advice.

  • Custom Attibute with Password Validations

    Hi,
    Is it possible to trigger the password validations for the custom attribute(who's display type as Password) which is defined in OAM objectclass of User Manager Configuration?
    However the custom attribute value passed to LDAP is stored in the form of unencrypted/clear text.
    Any inputs will be appreciated?
    Thanks,
    ABP
    Edited by: user11970322 on 14-Jan-2011 10:33

    Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).

  • Hi I can't update my apps when I try to update it asks for password when used it goes back to update. I think I'm not alone and have tried changing date switching off signing out and in and rebooting. Is there a solution or do I need to take it in?

    I can't update my apps each time it asks for password when entered it goes straight back to update. I don't think I am alone in this. I have tried changing the date, rebooting, switching off and on signing out and nothing works. Does anyone know of a solution or will I have to take it to an apple shop. My misses has no trouble with her updates, they are both on iOS 6. Hope someone can help.

    Tried that just said cant connect to iTunes Store which was different.

  • Default option for password in UME

    Hi,
    Is there a way that when we create new users in UME, that the default option for password management is set to "Disabled Password" instead of "Define Initial Password".
    We are using SPML SOAP message to create the users and if there is no password in the SPML message, the user is created, but no logon is possible as the system expects that you should have a  password.
    We will like to avoid sending in the password as part of user creation process, as these users will have to be created with no password. These users will never do a basis authentication, but  are needed for SSO using HTTP header variable..
    Thanks,
    Vikrant sud

    Is this a portal or what?
    On the ABAP side this is possible, so I would expect the Java APIs to offer the same.
    Looking in the PASSWORD structure is the wrong place, try the LOGONDATA (if it is done the same way). If you activate it in the call it should delete the PASSWORD regardless.
    Sorry, I have an ABAP mentality... but consistent APIs make it easier (to have to understand less concepts) and SAP increasingly does this.
    Cheers,
    Julius
    Edited by: Julius Bussche on Nov 19, 2009 9:47 PM

  • Not able to open mail from my mac, gmail repeatedly asking for password. but using same password able to open gmail on safari

    not able to open mail from my mac, gmail repeatedly asking for password. but using same password able to open gmail on safari

    Okay, well, they got me to take out some .plist files to see if that would help; it didn't. I'm not sure which ones they deleted myself; maybe someone here would be able to tell you which ones to take out, but it didn't work. The one that came close to working was this: going into Keychain and deleting the account(s), then re-adding them again.
    If you are to do this, please back up first with Time Machine. You can do this with a USB drive.
    Okay, so go back to where you had Internet Accounts and make sure Mail is shut. Click the - on the account you're having problems with, then quit System Preferences.
    Okay, so then press cmd and space bar at the same time, then type 'keychain access' into the search, then click on 'keychain access'.
    Once it is open, go to the top of the window and put in your email address that you are having problems with.
    Once you have put in your full email, have a look at what comes up. I deleted things in the Kind column with 'internet password' and anything under Name that had smtp.gmail.com or imap.gmail.com, so it would look like this: map.gmail.com - internet password.
    Right click and delete them. Make sure not to touch any other files that don't say those things on them.
    Once you have done this, quit Keychain Access and then restart the computer. Once the computer is restarted, go back to System Preferences and Internet Accounts and re-add the account.
    Hope this helps. If something is not clear, just ask.
