Script for Password policy

For my understanding, why are you trying to compare the new password against the password history in the script? The password policy should test that automatically for you if you set password history to a value greater than 0.

Yes, you are right, thank you.
I wanted to make my life harder :))

However, I still need answer for the second question, because I need to compare my password with the parts of the SAMAccount name from ADSAccount.

You do have Base (iSingleDBObject) or Entity (iEntity) directly available in the password policy scripts.

Important: Use only read access against those otherwise you might have unwanted side effects.

Thank you. Now it works.

Markus, I designed script according to your recommendation, however recently I have found a problem, I can’t change password in standard web form for changing password. I get an policy error “Object reference not set to an instance of an object” . I get the same error in designer if I don’t choose base object for checking policy. So I can’t understand why base object is not chosen for changing password on web portal because before resetting password asks for account. Do you think that this is system bug, or I make something wrong?

P.S. Version OIM 8.0.1

Markus, I designed script according to your recommendation, however recently I have found a problem, I can’t change password in standard web form for changing password. I get an policy error “Object reference not set to an instance of an object” . I get the same error in designer if I don’t choose base object for checking policy. So I can’t understand why base object is not chosen for changing password on web portal because before resetting password asks for account. Do you think that this is system bug, or I make something wrong?

P.S. Version OIM 8.0.1

Can you post the script? It would ease reproducing this.

Forgot something, are you referring to a password reset web page? When do you get the error exactly?

Here it is:

Public Sub CCC_PwdValidateAD(policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)
	Dim pwd As String = spwd.ToInsecure()
	Dim sama As String = Base.GetValue("SAMAccountName")
	Dim PasswordMinLengthService As Int32 = Convert.ToInt32( Connection.GetConfigParm("Custom\ADS\PasswordMinLengthService") )
	Dim PasswordMinLengthAdmin As Int32 = Convert.ToInt32( Connection.GetConfigParm("Custom\ADS\PasswordMinLengthAdmin") )
	

	
	If Base.GetValue("IdentityType") = "Service" And pwd.Length() < PasswordMinLengthService:
			Throw New Exception(#LD("Password for service account can't be less than {0} symbols",PasswordMinLengthService)#) 
	End If
	
	If  Base.GetValue("IdentityType") = "Admin" And pwd.Length() < PasswordMinLengthAdmin:
		Throw New Exception(#LD("Password for admin account can't be less than {0} symbols", PasswordMinLengthAdmin)#)
	End If 
	
	
	pwd = pwd.ToLower()
	sama = sama.ToLower()
	If sama.Length() > 3:
		For index As Integer = 0 To sama.Length()-3
			If pwd.Contains( sama.Substring(index,3) ) Then
				Throw New Exception(#LD("Password contains 3 or more symbols from ADSAccount.SAMAccount name in a row")#)
			End If
		Next
	End If
End Sub

We have some customization on portal but this form is standard

Thanks. I'll check and let you know when I am finding something.

Please contact support and ask for the hotfix of VPR#30389. That should fix your issue.

Thank you.

Unfortunately, this hotfix didn't solve my problem, I still have this error.

I suggest contacting support then to clear this up. From my understanding, the fix should deal with the error but it seems to be something else.