3.14 Configuring NetIQ eDirectory Settings

When the back-end directory is NetIQ eDirectory, you can configure NetIQ Modular Authentication Services (NMAS).

Benefits of this configuration include:

  • Validation of passwords against the NMAS password policy.

  • Email notifications for failed password operations, such as when a password coming from a connected system does not comply with the password policies.

  • Better error messages when using universal password policies.

  • Better error handling during the change password process.

All NMAS operations require an SSL connection to the directory.

Apart from configuring the NMAS extension, you can configure some additional parameters for NetIQ eDirectory.

Perform the following steps:

  1. On the left pane of Configuration Editor, click Configuration Home.

  2. On the right pane, select NetIQ eDirectory under Configuration Template.

  3. Click LDAP > NetIQ eDirectory > eDirectorySettings.

  4. Configure the following settings:

    | Field | Description |
    |---|---|
    | Enable NMAS Extension | Select this check box to enable the NMAS extension. NOTE: If you have enabled NMAS Extension and Store NMAS Responses, ensure that you enable the universal password policy. Otherwise, the new user creation fails. |
    | Save NMAS Responses | Select this check box if you want to save the user responses to the NMAS response storage container. This storage is in addition to any other configured response storage methods. |
    | Enable NMAS Responses for Forgotten Password | Select this check box to use NMAS stored responses during forgotten password recovery. SSPR tries all other configured storage methods before evaluating. |
    | Read User Passwords | Select this check box if you want SSPR to read the user's password from eDirectory before changing it. This prevents an extra password change from being set to a temporary random password during the forgotten password sequence. If the proxy user does not have rights to read the password, then SSPR generates a temporary random password for the user. |

  5. Click the Save icon.

To apply the policy settings for the challenge sets that are configured in NMAS, perform the following steps:

  1. On the left pane, click eDirectory Challenge Sets.

  2. On the right pane, configure the following settings:

    | Field | Description |
    |---|---|
    | Read eDirectory Challenge Sets | Select this check box if you want SSPR to read the challenge set configuration from the eDirectory universal password policy and apply it to users. If you want SSPR to use only the challenge sets configured in NMAS, do not configure the required and forgotten questions in SSPR. Otherwise, SSPR uses these if no eDirectory policy exists. |
    | eDirectory Challenge Set Minimum Randoms During Setup | Specify the number of random questions that a user is required to answer from NMAS at the time of saving challenge/response answers. |
    | eDirectory Challenge Set Apply Wordlist | Enable this setting if you do not want the users to use any of the words mentioned in the wordlist dictionary for the challenge/response answers. |
    | eDirectory Challenge Set Maximum Question Chars In Answer | Specify the maximum number of characters of the question text that are allowed in answers when saving challenge/response answers in NMAS. |

  3. Click the Save icon.
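
How the three challenge-set settings above interact when a user saves answers, sketched as an added Python example (not SSPR or NMAS code). The class, function and rule names and the sample data are hypothetical. The example assumes that "question chars in answer" means the longest run of consecutive characters shared with the question (case-insensitive), that the wordlist check matches the whole answer, and that 0 means no limit.

```python
from dataclasses import dataclass

@dataclass
class ChallengePolicy:
    # Hypothetical field names for the three settings in the table above.
    min_randoms: int          # Minimum Randoms During Setup
    apply_wordlist: bool      # Apply Wordlist
    max_question_chars: int   # Maximum Question Chars In Answer (0 = no limit, assumed)

def longest_shared_run(question: str, answer: str) -> int:
    """Longest run of consecutive characters present in both strings,
    compared case-insensitively (assumed reading of the setting)."""
    q, a = question.lower(), answer.lower()
    best, prev = 0, [0] * (len(a) + 1)
    for qc in q:
        cur = [0] * (len(a) + 1)
        for j, ac in enumerate(a, 1):
            if qc == ac:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def check_setup(policy, random_answers, wordlist):
    """Return (rule, question) pairs for every setting the answers violate.
    random_answers maps each random question to the user's answer ('' = skipped)."""
    answered = {q: a.strip() for q, a in random_answers.items() if a.strip()}
    violations = []
    if len(answered) < policy.min_randoms:
        violations.append(("min_randoms", None))
    words = {w.lower() for w in wordlist}
    for question, answer in answered.items():
        if policy.apply_wordlist and answer.lower() in words:
            violations.append(("wordlist", question))
        if 0 < policy.max_question_chars < longest_shared_run(question, answer):
            violations.append(("question_echo", question))
    return violations

# Constructed sample data, not taken from any real policy or directory.
SAMPLE_POLICY = ChallengePolicy(min_randoms=2, apply_wordlist=True, max_question_chars=4)
SAMPLE_WORDLIST = ["password", "qwerty", "rover"]
SAMPLE_ANSWERS = {
    "What was the name of your first pet?": "Rover",
    "What is your favorite color?": "my favorite color is teal",
    "In what city were you born?": "",
}

if __name__ == "__main__":
    for rule, question in check_setup(SAMPLE_POLICY, SAMPLE_ANSWERS, SAMPLE_WORDLIST):
        print(rule, "->", question)
```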