Some informations not clear changing password for users with AD 2008 R2 and with PSO

[GoogleCodeExporter]

Hello,

First thank you for your project, it's very very apprecited.
We experience here some side effects.
Could you examine this and say if you think your can, would or project to 
improve the system to addapt to this side effects ?

What steps will reproduce the problem ?
1. Logon with a account from AD 2008 R2
2. Ask to change the password
3. Write your new password, but with an older password
4. The system valid the password compliance but the AD do not accept this 
password because it not compliant with the rule against using an older password.
5. The pwd site return to the web page to insert the new password, but without 
explaination.
6. If you re-insert the same new password, a message identify the impossibility 
to use this password because it's again the policy, but the policy write above 
doesn't mentions the impossibility to use older passwords.
7. In addition, if you set a PSO in AD 2008 R2 for this account, the policy 
text write above the fields to change the password do not refect the reality 
(the number of minimal caracters for exemple). And the same behavior occur. The 
web page is re displayed but without explanation. And the policy text still 
mentions the global leng caracters policy.

Many thanks for your help.

Roberto Rizzo
Switzerland

What is the expected output? What do you see instead?
Hoping a message to know that the new password was not accepted by the AD and 
asking to reinsert the new password with eventually the cause of the reject, or 
at minimum display a message asking to reply, because the end user sometime 
think the process is close and successfull if it's not an habit for it to 
change passwords.

What version of PWM are you using?
1.6.0

What ldap directory and version are you using?
Windows 2008 R2 - with PSO !

Please paste any error log messages below:
Nothing

Original issue reported on code.google.com by roberto....@cortex-it.ch on 22 Feb 2012 at 11:20

[GoogleCodeExporter]

For part 1-6, that should be fixed in v1.6.1 or newer.  Please verify and 
report back if your see the same issue.  Part 7 is not yet implemented.

Original comment by jrivard on 22 Feb 2012 at 1:01

• Changed state: Accepted

[GoogleCodeExporter]

Hello,

Many thanks for your answer.
Point 1-6 : I had upgraded pwm to the version 6.0.1 and now a message is 
displayed explaining the fact that the password do not match the rules when you 
use an old password with old password set in the AD, many thanks.
Because the rules (Policies by Challenge) are writes below the users will not 
understand what is wrong, because the number of old passwords not re-usable in 
the AD is not write on these rules. Could you examine the possibility to query 
and display the number of old password not re-usable when the user want change 
it password. Or say if there is a limitation to obtain this information by 
Challenging Policy.

Point 7 : PSO will become a standard, especially in cloud condition when a 
plateform is use for many small entity that need or accept different form and 
level of securities. pwd is very in line with cloud computing because many of 
users will use an account for accessing the plateform (for example View) but 
use not the same to access their session on a virtual machine and will not able 
to change the password for the plateform in the Direcory (AD in my case) 
without a web tool like pwd.

So many thanks.
Fist many thanks for your project, very appreciated.
Thanks for your answers and if you project in the future to implememt PSO, send 
me a message, I will be a Beta tester for you with pleasure.
Roberto Rizzo

Original comment by roberto....@cortex-it.ch on 24 Feb 2012 at 8:07

[GoogleCodeExporter]

Any updates ?
Many thanks.
Roberto

Original comment by roberto....@cortex-it.ch on 29 Feb 2012 at 9:54

[GoogleCodeExporter]

Will research pso.  Relevent links would be helpful.  Code submits always 
welcome. 

Original comment by jrivard on 1 Mar 2012 at 4:29