3.14 Configuring NetIQ eDirectory Settings

When the back-end directory is NetIQ eDirectory, you can configure Modular Authentication Services (NMAS).

Benefits of this configuration include:

  • Validation of passwords against the NMAS password policy.

  • Email notifications for failed password operations, such as when a password coming from a connected system does not comply with the password policies.

  • Better error messages when using universal password policies.

  • Better error handling during the change password process.

All NMAS operations require an SSL connection to the directory.

Apart from configuring the NMAS extension, you can configure some additional parameters for NetIQ eDirectory.

Perform the following steps:

  1. In Configuration Manager, select Template > NetIQ eDirectory.

  2. Click Settings > NetIQ eDirectory.

  3. Click View > Always Show Advanced Settings to see and configure the advanced settings.

  4. Configure the following settings:

    | Field | Description |
    |---|---|
    | Enable NMAS Extension | Select this check box to enable the NMAS extension. NOTE: If you have enabled NMAS Extension and Store NMAS Responses, ensure that you enable the universal password policy. Otherwise, new user creation fails. |
    | Save NMAS Responses | Select this check box if you want to save the user responses to the NMAS response storage container. This storage is in addition to any other configured response storage methods. |
    | Enable NMAS Responses for Forgotten Password | Select this check box to use NMAS stored responses during forgotten password recovery. SSPR tries all other configured storage methods before evaluating. |
    | Read Challenge Sets | Select this check box if you want SSPR to read the challenge set configuration from the eDirectory universal password policy and apply it to users. If you want SSPR to use only the challenge sets configured in NMAS, do not configure the required and forgotten questions in SSPR; otherwise, SSPR uses these if no eDirectory policy exists. |
    | Read User Passwords | Select this check box if you want SSPR to read the user's password from eDirectory before changing it. This prevents an extra password change, in which the password is set to a temporary random password, during the forgotten password sequence. If the proxy user does not have rights to read the password, then SSPR generates a temporary random password for the user. |

  5. Click Actions > Save.