15.3 Troubleshooting User Issues with Self Service Password Reset

15.3.1 Users in Active Directory See Delays in Accessing the User Website

Issue: When you LDAP identity source is Active Directory, sometimes users see a delay when accessing the user website for Self Service Password Reset.

Solution: One of the major performance issues in an Active Directory network is the reverse DNS resolution. Disable Settings > Security > Application > Security > Enable Reverse DNS. If the performance increases, then there are DNS issues in your network you must resolve to enable the reverse DNS resolution again.

If turn off the reverse DNS resolution does not work, access the logs and look at the timestamps and ensure time is synchronized between your Active Directory servers and the server running the Self Service Password Reset application.

15.3.2 Users Did Not Complete the Forgotten Password Process

Issue: A user started the forgotten password process and did not complete the process. The user cannot log in to Self Server Password Reset any longer.

Solution: When a user starts the password change process by clicking Forgotten password, a random password is generated and if the user cancels the process without completing it, the user cannot use the old password. This happens because Self Service Password Reset recognizes the random password that was created when the user clicked on Forgotten password.

To resolve this issue perform the following:

  • For Active Directory, you can enable the Use Proxy When Password Forgotten setting in the Configuration Editor under LDAP > LDAP Settings > Microsoft Active Directory.

  • For eDirectory and Oracle Directory Server, have the user start the forgotten password process again and complete the process. The users must reset their passwords.

15.3.3 Helping Users Change the Default Language of Self Service Password Reset

There are two different options for you to have the users change the default language. The first option allows the users to change the default language and the second option is that you provide a URL that automatically displays the desired language.

  • Users click language option at the bottom of the Self Service Password Reset screen and select the desired locale. The language option displays the language that the page is currently using.

  • As an administrator, you can override the default language through the locale parameter by using a link to Self Service Password Reset. For example, http://sspr.example.com/sspr/?locale=sv.

This sets the locale to Swedish and overrides the browser locale settings.

15.3.4 How to Enable Windows Desktop to Support Forgotten Password Reset

Integration of Self Service Password Reset with Novell Client Login Extension (CLE) enables Windows desktop to support forgotten password reset.

CLE facilitates password self-service by adding a link to the Microsoft Credential Provider (MSCP), and Microsoft GINA login clients. When users click the Forgot Password link in their login client, CLE launches a restricted browser to access the Password Self-Service feature on the login clients. For more information about how to integrate CLE with Self Service Password Reset, see Client Login Extension User Guide.

15.3.5 How to Make Self Service Password Reset Honor the Active Directory Password History Policy

Forgotten Password recovery or reset is generally performed by using a proxy or administrator’s account in Self Service Password Reset. However, you can configure to use the user's account while setting the forgotten password by disabling Use Proxy When Password Forgotten in the Configuration Editor under LDAP> LDAP Settings > Microsoft Active Directory. In this scenario, the Active Directory policy is disabled while changing the password.

However, this does result in a temporary password being set on the user's account just before they set a new password. This can cause issues if there is a minimum lifetime set for the password policy.