SecureAuth IdP Version affected: All
- By default, an AD LDS instance automatically enforces any local or domain password policies that exist on the Windows Server. If the password to be set does not meet the local or domain complexity rules, it will be rejected.
- By default, Active Directory Lightweight Directory Services (AD LDS) will not allow a new user account password to be set over an unencrypted connection.
Verify that the password you are entering complies with the AD LDS server's complexity requirements. Further information about Windows Server password complexity can be found in the document "Enforcing Strong Password Usage Throughout Your Organization".
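A local pre-check for the complexity rule described above, as an added example that is not part of the original article or SecureAuth's own code. It assumes the standard Windows "Password must meet complexity requirements" policy; `complexity_problems`, its parameters and the minimum length of 7 are hypothetical, and the policy configured on the server remains authoritative.

```python
import re

# Assumptions (not from the original page): this mirrors the documented Windows
# "Password must meet complexity requirements" rule. Minimum length is a
# separate policy setting, so min_length=7 is only a constructed default.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
NAME_DELIMS = r"[,.\-_ #\t]+"


def complexity_problems(password, account_name, display_name="", min_length=7):
    """Return reasons the server would likely reject this password."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    classes = sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in "0123456789" for c in password),
        any(c in SPECIALS for c in password),
        # Alphabetic characters with no case, e.g. CJK ideographs
        any(c.isalpha() and not (c.isupper() or c.islower()) for c in password),
    ])
    if classes < 3:
        problems.append(f"uses {classes} of 5 character classes, needs 3")

    lowered = password.lower()
    # The account name is compared as a whole, and only if it has 3+ characters
    if len(account_name) >= 3 and account_name.lower() in lowered:
        problems.append("contains the account name")
    # The display name is split on delimiters; tokens under 3 characters are skipped
    for token in re.split(NAME_DELIMS, display_name):
        if len(token) >= 3 and token.lower() in lowered:
            problems.append(f"contains display-name token '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    for pw in ("password", "Jdoe2024!x", "Summer2024!"):
        print(pw, "->", complexity_problems(pw, "jdoe", "Jane Doe") or "ok")
```

An empty list means the password passes this approximation; the AD LDS server can still reject it for reasons such as password history or a stricter length setting.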
To allow passwords to be changed and created for AD LDS users over an unsecured connection, consider the following solutions:
- Configure AD LDS to use an SSL connection, as documented in "Configuring LDAP over SSL Requirements for AD LDS".
- Configure anonymous LDAP binding to the AD LDS instance, which will allow SecureAuth to change or create a password over an unencrypted connection.
Note: For security purposes, you should never grant anonymous access privileges to any portion of your AD LDS instance.