Regular Expression in Custom Password Policy

I have a requirement for the password policy in OIM to enforce "1 numeric OR 1 special character". The only way I could think of doing it is if OIM Password Policy rules allowed a regular expression allowing any one of special characters or numbers. Is this possible? If not, is there a way of enforcing this rule? As far as I can tell, there is no way to "OR" different rules together, like "Mininum Numeric Characters: 1 OR Minimum Special Characters: 1".
OIM Version: 9.1.0.2

Entity Adapter with Error Handler on both Pre-Insert and Pre-Update.
-Kevin

Similar Messages

Introducing a custom Password policy to expire passwords. odsee 11g - what are the expected results

We have left the default Password Policy untouched. As a default password aging is off. Our DS compatibility mode is now DS6 so we can add Password Policies with max age!
Some users need to have their passwords changed regularly due to political reasons.
We have introduced a custom Password Policy which has a pwd_Max_age value of 180 days and allows the user to Change Password. Entry is cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com
Ok. Now we get confused by the behaviour of this ODSEE 11g server. Now, we are ADDING a new custom Password Policy to just a few selected users!
1. When we add the Policy to the user by setting the passwordpolicysubentry attribute = "cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com"
- Nothing seems to happen.
- WHEN IS THE PASSWORD EXPIRED?
2. After we change a password for a user who has the passwordpolicysubentry attribute, he gains a new attribute pwdChangedTime
- IS THIS THE ONLY TIME THE EXPIRY CLOCK STARTS TICKING? *AFTER* THE PASSWORD IS CHANGED?
3. Is it true, that if a user never changes his password, even if he gets the new custom password policy applied, his password never automatically expires????
I just cannot work out what is supposed to happen. I would have hoped that at the very least, the password begins to expires as soon as he gets a Password Policy with pwd_Max_age set.
How is ODSEE 11g designed/supposed to function.
Help!!!!!
*HH

Sylvain ,Many thanks for your reply and suggestions. Always good to have a choice!
So it seems the only way to get the password aging clock to tick is for the password to be changed after having the password policy applied.
Option1 is not really an option although it certainly would make the users change the password and set up the password aging...
The main difficulty with odsee 11g (Version 11.1.1.7.0) is that pwdChangedTime is a system read-only attribute linked to a modification to userPassword attribute, I cannot use ldapmodify to add/modify the pwdChangedTime attribute.
I was amazed that I can read/store the userpassword as the base64 string and replace the userpassword attribute with this value using ldapmodify. This is very easy (and works!) but will cause the pwdChangedTime attribute to contain the same time for all users. I can imagine helpdesk loving it when everyone calls them in 6 months time.
Using the LDIF backup/restore utility looks the best option, if it succeeds. At least we can randomize the actual value of pwdChangedTime with this approach.
Mercy Buckets.

Custom Password Policy

Hi xperts,
I want to create a custom password policy which shoud fulfil the following requirements.
1Allow additional alpha characters more other than A-Z and a-z. i.e the ones in Start button--->Programs>Accessories>System Tools>Character Map.
2.Expand the default special characters list
3 and we dont want email prefix(before @ to be used in the password).
Any Ideas if we can do this ?

You can put your validation using Java Script on Create User Form.----this can fulfil my 3rd requirement.
or
you can create custom action class which will validate your password. Change the reference of OLD action class and replace it with yours.
I am a little new to sucg kind of customisations,can u just give me a little idea how exactly I can go about it..i.e which files to modify,which action class etc...
Also I want this password policy for a group of users and if I modify the action class will there be an effect on the policies associated with other resources?

Custom Password policy for ProxyAgent

Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
Help.
Thanks,
Sean

How do you create a custom filter with NO account lockout, expiration, etc?
The DSCC wizard doesn't allow you to as the last step of the wizard must have
a bug because even though you don't click the Lockout radio button, the
webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
The clients use "proxyagent" user located in ou=profile. When I create a Global Password
policy and apply to my top level dc, then this service account can "expire". I can't have
my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
may need to create a new password policy and assign it to the proxyagent user. Since DSCC
does not seem to allow you to do that, best to munge it via the commandline (after specifying
the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
you want a fix against 6.3 (quote the above bug number)

How i replace default password policy with my custom password policy

Hi All,
can anybody help me to replace idm default password policy with my custom password policy?

1. Go to Security --> Policies
2. New --> String Quality Policy --> define rules --> save
3. New --> Identity System account policy --> define rules and set the policy created in step2 to for password policy --> save
4. Assign the policy created in step 3 to the user
a. when create a user, under the 'Security' tab , for the 'Account policy' select the policy created in step
b. Programattically, create /check out user view, assign the step 3 policy
<set name='user.waveset.assignedLhPolicy'>
<s>step 3 policy</s>
</set>
and checkin the view

Custom Password Policy Settings

Hello Friends,
I am doing the server practical in virtual environment and wish to set a normal password for the test user "Robert Garcia" so I disabled the password policy requirement in the gpmc.msc under "Default Domain Policy" and then did a gpupdate
so that I can set a password as garcia for the user robert but it did not work. I did a system reboot then also it did not work.
I did the same thing for the Default Domains Controller Policy option and still it is not working .
What should be the correct method to disable this as I am in a test environment and simply want to keep simple passwords. Is there any requirement for system reboot or gpupdate should work and what could be the reason here that it is not working in either of
the case??
Thanks
I noticed that I can't set a number as a password say 65789867 but when I disable the things in default domain policy then I can set the password but still not the simple text garcia so what I need to edit and where now.
Also if I need to enable a password policy like the first letter should be capital etc etc then where I can do this customization of password policy
I can set a normal text as password but not the user's last name as password where I can change this customization. I understand that in production environment its not suggested but just in case where to do the customization??
Thanks
Regards

Hi,
In my testing environment, gpupdate is enough to make the policy changes taking effects.
Here are a few suggestions for you:
Please make sure that the Default Domain Policy is
link enabled.
Other than the Password must meet complexity requirements setting, please also disable other ones like Enforce password history, Minimum password length.
If there is any password policy setting set as
Not Defined in Default Domain Policy, please check password policy from
Local Security Policy, in which settings could override the Not Defined ones.
>if I need to enable a password policy like the first letter should be capital etc etc then where I can do this customization of password policy
You may need to develop scripts to achieve this goal.
The Official Scripting Guys Forum
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
Best Regards,
Amy

Password Validation using Regular Expression

Please help me wit the regular expression for the password policy mentioned below:-
The password length should at least be 8 characters. It should be a combination of at least any two of the given sets.
a. Set of alphabets a-z, A-Z
b. Set of numerics 0-9
c. Set of special characters ~!@#$ etc.

function validatePassword(fieldName,minNumberOfDigits, maxNumberOfDigits) {
var alphaNumericPattern = "^[a-z0-9/_/$]{" + minNumberOfDigits + "," + maxNumberOfDigits + "}";
var regExpr = new RegExp(alphaNumericPattern,"i");
var sourceField = event != null ? event.srcElement:e.target;
if(fieldName != null && fieldName != "null" && fieldName != "undefined") {
sourceField = document.getElementById('OrdFrmsessionValidater:form1:passwordField2');
var message = "Password must be a combination of alphabets and numbers";
message = message + "\n and must be between " + minNumberOfDigits + " and " + maxNumberOfDigits + " chars.";
var sourceFieldValue = sourceField.value;
if(sourceFieldValue.length < minNumberOfDigits || sourceFieldValue.length > maxNumberOfDigits){
alert(message);
sourceField.focus();
return false;
if (!regExpr.test(sourceFieldValue)) {
alert(message);
sourceField.focus();
return false;
regExpr = new RegExp("[a-z/_/$]{1}","i");
if(!regExpr.test(sourceFieldValue)){
alert(message);
sourceField.focus();
return false;
regExpr = new RegExp("[0-9]{1}","i");
if(!regExpr.test(sourceFieldValue)){
alert(message);
sourceField.focus();
return false;
var alphaNumericPattern = "^[a-z0-9/_/$]{" + minNumberOfDigits + "," + maxNumberOfDigits + "}";

Assignment of custom password policies

In the documentation is well described how to assign a custom password policy using Roles and CoS. This technique is fairly flexible and can be applied to a number of situations. I have the fear that this is very costly in terms of performance.
Are there simpler ways to assign a password policy to all objects in a container?
Thank you,
Jo

We just did this same thing in one of our instances and have not seen any CPU usage increase, but it's a very small instance (only about 10,000 entries.
We just applied the password policy to all objects in the ou using the following template & COS
# Template user for Class of Service
dn: cn=AgencyTemplate,ou=agencies,o=company
objectClass: top
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
cosPriority: 1
passwordPolicySubentry: cn=Agency Password Policy,o=company
cn: AgencyTemplate
# The COS to apply the policy to all agency users (ou=agencies,o=company)
dn: cn=AgcyPwdPol_cosDefinition,ou=agencies,o=company
objectClass: top
objectClass: LDAPsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
costemplatedn: cn=AgencyTemplate,ou=agencies,o=company
cosAttribute: passwordPolicySubentry operational
cn: AgcyPwdPol_cosDefinition

Regular Expression Validation

Hi,
I'm trying to use a regular expression to validate password.
I create a validation in my item called P502_PASSWORD. I choose regular expression type. At the Validation Expression 2, I put this expression:
^(?=.*\d)(?=.*[a-zA-Z])(?!.*[\W_\x7B-\xFF]).{6,15}$
So, I tried to enter a valid "string" at this item. For example: abc123
But it doesn't work and I don't know why. I have another item with a e-mail validation with the expression below, and works:
^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$
So, i really don't know what is happening.
Can someone help me? :)
Thanks,
Vivi

Hi Vivi,
I checked your regex with my favourite application and it seems to be correct for a 'liberal' interpreter. But POSIX-implementation in Oracle seems to be quite strict. At least, I get an ORA-12728 ("invalid range in regular expression") when executing your string with "REGEXP_LIKE". I would take the regex apart bit by bit and see when the regex starts to work with REGEXP_LIKE, like in the following example:
BEGIN
dbms_output.put_line(case when regexp_like('aBc123','^(((\d)|([[:alpha:]])){6,15})$') then 'hit' else 'miss' end);
END;
/This is of course not exactly the expression you wanted, but I guess it's not very far away and produces a 'hit'. ;)
If anybody finds out what exactly caused the error I'd like to know. My first guess was the asterisk in combination with {6,15}, but just removing it didn't do the trick.
-Udo

Password Policy on Directory Server 11.1.1.7.2

Hi,
I'm trying to set up a password policy with DS 11.1.1.7.2 but it doesn't seem to be getting applied to the users. I went through the DSCC gui and created a new policy that is supposed to remember the last 3 passwords and also expire in a couple days just for test purposes. I then set the compatibility mode to Directory Server 6 and clicked on "Assign Policy" and selected ou=people,o=xxxxxx,o=isp where my test accounts are.
I've then tried using ldapmodify using the credentials to the accounts who's passwords I'm changing and it allows me to reuse the same passwords. I saw something about using a virtual attribute for assigning users to a policy. Is that required also?
dn: cn=TestPWpolicy1,o=xxxxxxx,o=isp
cn: TestPWpolicy1
objectclass: sunPwdPolicy
objectclass: pwdPolicy
objectclass: ldapsubentry
objectclass: top
passwordrootdnmaybypassmodschecks: on
passwordstoragescheme: CRYPT
pwdallowuserchange: true
pwdattribute: userPassword
pwdcheckquality: 2
pwdexpirewarning: 86400
pwdinhistory: 3
pwdmaxage: 172800
pwdminage: 0
pwdminlength: 2
pwdmustchange: false
createtimestamp: 20150302195541Z
creatorsname: cn=admin,cn=administrators,cn=dscc
entrydn: cn=testpwpolicy1,o=xxxxxxxx,o=isp
entryid: 28
hassubordinates: FALSE
modifiersname: cn=admin,cn=administrators,cn=dscc
modifytimestamp: 20150302195541Z
nsuniqueid: 0a0ca681-c11611e4-800799c3-4c540d75
numsubordinates: 0
parentid: 2
subschemasubentry: cn=schema
Thanks for any help.

Hello,
A user entry references a custom password policy through the value of the operational attribute pwdPolicySubentry. When referenced by a user entry, a custom password policy overrides the default password policy for the instance.
It is unclear to me whether you want to assign the new password policy to an individual account or to every user in ou=people,o=xxxx,o=isp.
To assign a password policy to an individual account, just ddd the password policy DN to the values of the pwdPolicySubentry attribute of the user entry e.g.
$ cat pwp.ldif
dn: uid=dmiller,ou=people,o=xxxxxxx,o=isp
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
$ ldapmodify -D cn=directory\ manager -w - -f pwp.ldif
Enter bind password:
modifying entry uid=dmiller,ou=people,o=xxxxxxx,o=isp
$ ldapsearch -D cn=directory\ manager -w - -b dc=xxxxxxx,o=isp \
"(uid=dmiller)" pwdPolicySubentry
Enter bind password:
version: 1
dn: uid=dmiller, ou=People, o=xxxxxxx,o=isp
pwdPolicySubentry: cn=TestPWpolicy1,o=xxxxxxx,o=isp
$
See Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
You can also assign a password policy to a set of users using cos/roles virtual attributes as described in section 8.3.4 at Directory Server Password Policy - 11g Release 1 (11.1.1.7.0)
-Sylvain
Please mark the response as helpful or correct when appropriate to make it easier for others to find it

How to ignore the password policy in a custom workflow?

Hi,
We have a custom workflow which is called via SPML to provide 'Administrator Change Password' functionality in a portal.
Our password policy sets the String Quality rules and Number of Previous Passwords that Cannot be Reused. But we like to bypass the password policy when the password administrators (who have a admin role with a capability - 'Change Password Administrator'). At least, restriction ' Number of Previous Passwords that Cannot be Reused' need to be ignored (But password need to be added to the history... cannot disable adding passwords to history).
Please advice me how it could be achieved?
The workflow steps:
1. Checkout 'ChangeUserPassword' view for the user as an administrator
2. Set the new password in the view, set true to view.savePasswordHistory
3. Set password on the resources
4.Checkin the view
Thanks
Siva

Thanks eTech.
My main goal is to skip the password history check (new password can't be a last used 10 passwords) when admin change password workflow is launched. As you suggested , I created a special password policy exactly as our regular password policy excluding "Number of Previous Passwords that Cannot be Reused" setting.
Then before change the password of a user as admin, special policy is attached , password changed, and user's password policy is reverted back to regular one. The issue is, as the special policy does not enforce the password history check, the whole password history of the user is wiped out from the user object when the password is changed by admin change password workflow. We don't want this to happen.
Please guide me whether is anyway to achieve just ignoring the password history without any other impact on user.
Is adding passwords to user object's password history list is triggered by "Number of Previous Passwords that Cannot be Reused" setting of the password policy??
Thanks
Siva

Regular Expressions with Call Policy on VCSe

Hi Guys,
I am working on firming up the call policy on my VCS Expressway to try to better intercept the SIP spam requests it is getting from internet ip numbers. Right now those spam requets are getting rejected by the loop detection but I want to intercept them before they even do a search on the Expressway. It seems that the call policy rules I create without regular expressions are functioning fine but I don't think I have the syntax correct for the regular expressions.
The goal of this rule is to reject any incoming SIP request that has a destination alias format of 7 to 17 digits followed by an @VCSe_IP. so for example it would reject the following attempts: 0123456@VCSe_IP and 0123456789101112@VCSe_IP with one rule.
The policy I created is this: source pattern: unauthenticated user, Destination pattern: \d{7,17}@xx\.xx\.xx\.xx (where xx is the individual octets of the VCSe IP address), Action: reject
However the above policy does not seem to be rejecting the calls before they do a search. I have checked the above expression with the check pattern tool on the VCSe and it comes up with a sucessful match when I try the destination alias of a request that made it through, hence my confusion. Any help you guys could provide would be appreciated.
Thanks,
Steven

Steven,
Default Zone access rules do not relate to this at all and you can keep those set to 'No'.
How exactly are you placing the test calls when attempting to verify this?
I created the following CPL rule on my X7 VCS (With 10.10.10.10 being the IP address of my VCS):
Source pattern:
Destination pattern: \d{7,17}@10\.10\.10\.10
Action: Reject
I then proceeded with placing a SIP call from an unregistered C20, calling the URI '[email protected]' while running a diagnostics log on my VCS with Network log level set to 'DEBUG', and captured the following in that log:
Incoming INVITE:
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,598" Module="network.sip" Level="INFO": Src-ip="10.x.x.x" Src-port="5060"   Detail="Receive Request Method=INVITE, Request-URI=sip:[email protected], Call-ID=9dd19ad75b1063ecf716461b149e9e2a"
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,598" Module="network.sip" Level="DEBUG": Src-ip="10.x.x.x" Src-port="5060"
SIPMSG:
|INVITE sip:[email protected] SIP/2.0
Call processing logic, showing CPL matching:
2013-02-22T16:03:36+01:00 vcs02 tvcs: Event="Search Attempted" Service="SIP" Src-alias-type="SIP" Src-alias="10.x.x.x" Dst-alias-type="SIP" Dst-alias="sip:[email protected]" Call-serial-number="0886391c-7d01-11e2-adf5-0050569a08fd" Tag="08863aac-7d01-11e2-bd2e-0050569a08fd" Detail="searchtype:INVITE" Level="1" UTCTime="2013-02-22 15:03:36,601"
2013-02-22T16:03:36+01:00 vcs02 tvcs: Event="Call Attempted" Service="SIP" Src-ip="10.x.x.x" Src-port="5060" Src-alias-type="SIP" Src-alias="sip:10.x.x.x" Dst-alias-type="SIP" Dst-alias="sip:[email protected]" Call-serial-number="0886391c-7d01-11e2-adf5-0050569a08fd" Tag="08863aac-7d01-11e2-bd2e-0050569a08fd" Protocol="UDP" Auth="NO" Level="1" UTCTime="2013-02-22 15:03:36,601"
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,602" Module="network.cpl" Level="DEBUG": Remote-ip="10.x.x.x" Remote-port="5060"   Detail="CPL: "
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,602" Module="network.cpl" Level="DEBUG": Remote-ip="10.x.x.x" Remote-port="5060"   Detail="CPL: "
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,602" Module="network.cpl" Level="DEBUG": Remote-ip="10.x.x.x" Remote-port="5060"   Detail="CPL: matched "
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,602" Module="network.cpl" Level="DEBUG": Remote-ip="10.x.x.x" Remote-port="5060"   Detail="CPL: "
VCS responds to INVITE with 403 Forbidden:
2013-02-22T16:03:36+01:00 vcs02 tvcs: UTCTime="2013-02-22 15:03:36,616" Module="network.sip" Level="DEBUG": Dst-ip="10.x.x.x" Dst-port="5060"
SIPMSG:
|SIP/2.0 403 Forbidden
As you can see, on my VCS everything seems to work as expected. I'd recommend you capture a similar diagnostics log on your own VCS to check what is different in your test call compared to the output above.

Password validation with regular expression

I'm trying to use a regular expression to validate a password. I've tried a number of different regex's that seem to work elsewhere but do not work in HTML DB. This includes a couple that I wrote and that I found on regex web sites. Specifically, I'm trying to validate that a string has:
1. at least one special character
2. at least one numeric character
3. no more than 6 consecutive characters
4. has a length between 8 and 14
Does anyone know why some regular expressions do not work in HTML DB that work elsewhere or has anyone done a regex similar to this in HTML DB.
Thanks!
- Brian

I see, I will use the [0-9] instead. The expression still does not work though. I simplified the expression down to try and figure out what doesn't work and it seems like it's the "?=".
1. I first entered the expression:
([:alnum:]*[0-9])
This expression just says there must be a number and it works fine in HTML DB.
2. I extended it to:
([:alnum:]*[0-9])([:alnum:]*[a-z])
This expression says that there must be a number followed by a letter. In this example "1a" works but "a1" does not.
3. To make it not care about the order I would normally add "?=" like so:
(?=[:alnum:]*[0-9])(?=[:alnum:]*[a-z])
This should work for "a1" or "1a" because the ? says the order doesn't matter. When I try this in HTML DB neither "1a" or "a1" work.
Any ideas?
Thanks
- Brian

Using regular expressions to get a customized output

Hi,
I have a string/varchar variable with the data ',a,b,c,' in it.
I want the display as follows:
a
b
c
I would like to get the similar output using regular expressions.
How do I get this output using REGEXP_REPLACE or REGEXP_SUBSTR?
Please do the needful.
Thanks & Regards,
Rakshit

I remember that, however if we look closer, that one has a little flaw: The 2nd row should be null, because ",," indicates an empy field. The MODEL clause solution works just fine in this case:
with t as (select 'aaaa,,bbbb,cccc,dddd,eeee,ffff' col1 from dual)
-- end of sample data
SELECT col_new
FROM t
MODEL
   PARTITION BY (ROWNUM rn)
   DIMENSION BY (0 dim)
   MEASURES(col1, col1 col_new)
   RULES ITERATE(99) UNTIL (ITERATION_NUMBER = LENGTH(REGEXP_REPLACE(col1[0], '[^,]')))
                (col_new[ITERATION_NUMBER] = REPLACE(REGEXP_SUBSTR(col1[0], '(^|,)[^,]*', 1, ITERATION_NUMBER+1), ','))
COL_NEW
aaaa
bbbb
cccc
dddd
eeee
ffff
7 Zeilen ausgewählt.Update: I had this nagging feeling that I missed something, and there it was. If you want to see what the problem with my solution is, change the example to
with t as (select ',aaaa,,bbbb,cccc,dddd,eeee,ffff' col1 from dual)So I went back and tried to fix BlueShadows approach. Here it is:
with t as (select 'aaaa,,bbbb,cccc,dddd,eeee,ffff' txt from dual)
-- end of sample data
SELECT REPLACE(REGEXP_SUBSTR(',' || txt, ',[^,]*', 1, level), ',') col_new
FROM t
CONNECT BY level <= length(regexp_replace(txt,'[^,]*'))+1
;C.

Bracket in Regular Expression constant?

I am a bit puzzled by the behavior I am experiencing in LV 2011. I hope to get some light from experts out there.
I am trying to parse a messy ASCII header file and after having split it into individual lines (strings), I use the "Match Regular Expression" function to remove some of the info before the substantial information.
Some of the strings include square brackets ([, ]), which are special characters for the function, therefore, as documented in the help, one needs to precede them with a backslash.
Example:
I want to parse the following line:
#PR [PR_DEV,I,2]
One way (which I am using because of considerations related to the rest of the header) is the the following:
Note that the first string constant is using "Code Display" whereas the second one is using "Normal Display".
Why did I not put a backslash in front of the bracket in the first string, you may ask? Well, I did, but it disappeared after I typed the other characters. And reverting to "Normal Display" did not restore it.
Of course, the first version does not parse the input string correctly, whereas the second one does it fine.
In other words, the custom display string (which is convenient for cryptic codes such as \s* or to distinguish between space and tab...or simply ENTER tabs!) seems to mess up with the \[ combo (likewise with the \] one).
It is not a huge deal. I can use the "Normal Display" mode, but I tend to think that this qualifies as a hidden "feature". And again, it is still a pain in the ... when dealing with special characters such as tabs, etc...
Solved!
Go to Solution.

I think that [ is a special character which needs to be preceded by a backslash, but it is not one of the defined backslash characters (like \s). So, you need to put in two \\ to get one \ while in '\' Codes Display.
You can put in any character by using \xx where the xx is a hex character using only upper case letters for A..F. I converted the strings to byte arrays and tried to see what made the arrays match and the Match work.
Lynn

Regular Expression in Custom Password Policy

Similar Messages

Maybe you are looking for