A Forum reader recently asked:
“How can we assign a Universal Password policy to a simple-password user? As I see it, there still must be at least one password change to get to the UP password. If we assign a password policy before the NDS password is set, the user cannot bind using the simplePassword.
So, he must bind with the simplePassword, change his password (which sets the NDS password), then assign the password policy. Then he must again at least log in using the NDS password, which will set the UP password.
We’ve been told that once the Universal Password is set then the Simple Password is ignored. We have not set the NDSD_TRY_NMASLOGIN_FIRST variable.”
And here’s the reply from Jim Willeke …
Try the following:
1. Set NDSD_TRY_NMASLOGIN_FIRST=true
2. Set the Default login sequence for the “user” container to “simple”.
3. Import the encrypted password to the simplePassword with no password policy assigned to the users.
4. Assign a password policy to the “user” container.
The user can bind using the simple password. Upon a successful bind, assuming the password policy applies, this will set the NDS and UP passwords, and IDM does pick up the password change.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.