Word of WARNING: you are going to be making some under-the-covers changes to the XML in Entity definitions, so do this in a LAB and keep BACKUP copies of the files being changed.

This was tried with 3.5.1, but should work with earlier and later releases.

  1. Create a new entity in the DAL called Password Change (or call it anything you want) based on the User class. It should add the surname attribute for you by default. Leave it with just that attribute.
    1. Change the surname attribute to not required and not multi-valued in the access properties.
  2. Deploy these changes to the User Application driver.
  3. In iManager, find your User Application driver by using View Objects.
    1. Under the container AppConfig.DirectoryModel.EntityDefs, find the object that represents your entity; its name is the key name you gave it.
    2. Open it, find the xmlData attribute, and edit it.
    3. Copy the XML into a text editor
      1. Find the surname attribute and change its key, nds-name, and ldap-name to userPassword (note that case is important).
      2. Also change the display label.
    4. Copy this changed XML and paste it to replace the current attribute data
    5. Save your changes to the attribute in iManager
  4. In Designer, run a Compare of your entity against what is in Designer; it should be out of sync. Go ahead and update the Designer entity.
  5. Create a workflow that uses this new entity in an Entity activity; use it to create/modify the entity.
    1. The workflow should change the recipient's password; have them enter a new password.
    2. Deploy your workflow
  6. Log in as the User Application admin and flush the cache, so that your DAL changes are picked up
  7. Test the workflow with a test user; after they complete the request, and if it completes successfully, continue.
  8. Log off and try to log in with the old password; it should fail.
  9. Try the new password; it should work.
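
The xmlData edit in step 3 is easy to get wrong by hand because the three names must match userPassword exactly, including case. The following is an added example, not part of the original post or of any NetIQ tooling: it applies the rename and checks the result before you paste it back. The sample XML's element names, display-name element and surname values are assumptions; only key, nds-name, ldap-name and userPassword come from the steps above.

```python
import xml.etree.ElementTree as ET

TARGET = "userPassword"                      # exact case, as the steps require
NAME_ATTRS = ("key", "nds-name", "ldap-name")

# Constructed sample: element names, display-name and the surname values are
# assumptions for illustration; use the xmlData copied from iManager instead.
SAMPLE_XML = """<entity-def key="password-change">
  <attr-def key="Surname" nds-name="Surname" ldap-name="sn">
    <display-name>Last Name</display-name>
  </attr-def>
</entity-def>"""


def retarget(xml_text, old_key="Surname"):
    """Point the single attribute definition keyed old_key at userPassword."""
    root = ET.fromstring(xml_text)
    hits = [e for e in root.iter()
            if e.get("key") == old_key and all(a in e.attrib for a in NAME_ATTRS)]
    if len(hits) != 1:
        raise ValueError(f"expected one {old_key!r} definition, found {len(hits)}")
    for attr in NAME_ATTRS:
        hits[0].set(attr, TARGET)
    return ET.tostring(root, encoding="unicode")


def check(xml_text):
    """Return a list of problems in edited xmlData; empty means it looks right."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems, found = [], 0
    for elem in root.iter():
        values = [elem.get(a) for a in NAME_ATTRS if elem.get(a) is not None]
        if not any(v.lower() == TARGET.lower() for v in values):
            continue                          # not the password attribute
        found += 1
        problems += [f"{a}={elem.get(a)!r}, expected {TARGET!r}"
                     for a in NAME_ATTRS if elem.get(a) != TARGET]
    if found != 1:
        problems.append(f"expected one {TARGET} definition, found {found}")
    return problems


if __name__ == "__main__":
    edited = retarget(SAMPLE_XML)
    print(edited)
    print(check(edited) or "OK")
```

ElementTree drops comments and the XML declaration when it re-serializes, so if you edit by hand as the steps describe, run `check()` on the exact text you intend to paste and keep the display label change as a manual step.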

The attached zip file contains a sample workflow and entity that demonstrates this solution.

Download: changepasswordworkflow_prd_entity.zip


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


By: jgdasilva
Jan 11, 2011
12:11 pm