4.2 Configuring LDAP Settings

Self Service Password Reset enables you to configure settings that control how Self Service Password Reset interacts with the LDAP directory that contains your users. You can select a template to configure the settings. Self Service Password Reset provides templates that set default settings for your back-end directories. Changing the template only affects default values. You can change the template at any time. Changing a template does not affect settings that you have already modified.

Self Service Password Reset provides the following templates for supported directories:

  • Active Directory

  • Oracle Directory Server

  • Identity Manager/ OAuth Integration

To configure Identity Manager/ OAuth Integration, see Identity Manager; Section 11.0, Integrating Self Service Password Reset with NetIQ Identity Manager; and Section 9.0, Integrating Self Service Password Reset with NetIQ Access Manager.

Use the following information to configure the settings for the other LDAP directory templates.

4.2.1 Configuring the Global LDAP Settings

The Global settings control the interaction with an LDAP directory. These settings are not applicable to the user's LDAP profile. For more information about configuring LDAP for a profile, see Configuring LDAP Directory Profile.

To configure the Global LDAP settings:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Select the LDAP directory template for your LDAP directory.

    1. Click Default Settings > LDAP Vendor Default Settings, then select the LDAP directory you are using.

      NOTE: If you select NetIQ eDirectory, you can configure NMAS settings. See Configuring NetIQ eDirectory Settings.

    2. In the toolbar, click Save changes.

  5. In the toolbar, click your name.

  6. Click Configuration Editor.

  7. Click LDAP > LDAP Settings > Global.

  8. Use the help information to configure the global settings for the LDAP directories.

  9. In the toolbar, click Save changes.

4.2.2 Configuring Microsoft Active Directory Settings

Self Service Password Reset allows you to change the settings for Microsoft Active Directory.

To change the Microsoft Active Directory settings:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Default Settings > LDAP Vendor Default Settings > Microsoft Active Directory.

  5. Select LDAP > LDAP Settings > Microsoft Active Directory.

  6. Configure the Active Directory settings using the help.

  7. In the toolbar, click Save changes.

4.2.3 Configuring NetIQ eDirectory Settings

You can use either eDirectory or eDirectory with NMAS as the back-end directory. These settings allow you to change the eDirectory settings that were configured during the Configuration Guide.

Configuring eDirectory Challenge Set Options

When the back-end directory is eDirectory, you can configure NMAS. All NMAS operations require an SSL connection to the directory. Benefits of this configuration include:

  • Validation of passwords against the NMAS password policy.

  • Email notifications for failed password operations, such as when a password coming from a connected system does not comply with the password policies.

  • Better error messages when using universal password policies.

  • Better error handling during the change password process.

If you must apply the policy settings for the challenge sets that you configured in NMAS, perform the following:

To change the policy settings for the challenge sets:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click LDAP > LDAP Settings > NetIQ eDirectory > eDirectory Challenge Sets.

  5. Define the eDirectory challenge sets using the help.

  6. In the toolbar, click Save changes.

Configuring the LDAP eDirectory Settings

Apart from configuring the NMAS extension, you can configure some additional parameters for eDirectory.

To configure NetIQ eDirectory:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Default Settings > LDAP Vendor Default Settings, then select NetIQ eDirectory.

  5. Click LDAP > LDAP Settings > NetIQ eDirectory > eDirectory Settings.

  6. Configure eDirectory settings using the help.

  7. In the toolbar, click Save changes.

4.2.4 Configuring the Oracle Directory Server Settings

Self Service Password Reset allows you to change the settings for the Oracle Directory Server.

To change the Oracle Directory Server settings:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Default Settings > LDAP Vendor Default Settings > Oracle Directory Server.

  5. Select LDAP > LDAP Settings > Oracle DS.

  6. Configure the Oracle Directory Server settings using the help.

  7. In the toolbar, click Save changes.