Environment
Self Service Password Reset
SSPR 3.2
Client Login Extension
CLE 3.8
CLE configured for SSPR integration
eDirectory environment
Novell Client installed on workstations
SSPR 3.2
Client Login Extension
CLE 3.8
CLE configured for SSPR integration
eDirectory environment
Novell Client installed on workstations
Situation
eDirectory password is not changed with Ctrl, Alt Del change password using CLE integrated with SSPR.
Ctrl, Alt, Del change password does not change eDir password if CLE is configured for SSPR integration.
Behavior is the same regardless of whether Novell Client installed in "active" (default) or "passsive" mode.
Ctrl, Alt, Del change password does not change eDir password if CLE is configured for SSPR integration.
Behavior is the same regardless of whether Novell Client installed in "active" (default) or "passsive" mode.
Resolution
Working as designed.
CLE's SSPR integration features only work with Active Directory. The CLE / SSPR integration is not supported with the Novell Client.
The CLE - SSPR Integration features include the following:
1. Force User for C/R responses
2. Password expiration warning
3. CTRL+ALT+DEL change password
4. Emergency Access
These features are only supported in an AD environment.
CLE's SSPR integration features only work with Active Directory. The CLE / SSPR integration is not supported with the Novell Client.
The CLE - SSPR Integration features include the following:
1. Force User for C/R responses
2. Password expiration warning
3. CTRL+ALT+DEL change password
4. Emergency Access
These features are only supported in an AD environment.
Workaround for eDir environments without the Novell Client:
Synchronize user names and passwords between AD and eDir. This can be done with IDM or manually. The key is that the same userid and password must be used
in both AD and eDirectory. The reasoning behind this is that when logging into
the workstation without the Novell client then there is no eDirectory login.
Thus CLE is only aware of the AD credentials. It will perform all operations
based upon the userid and password it receives from the Windows logon. If the
user information is not sync’d then CLE will query the SSPR server and the SSPR
server will be unable to locate the user object.
Additional Information
For more on configuring CLE for SSPR integration see TID 7015897
Novell Client in passive mode:
Properties of Novell CLient --> Advanced Login --> Login with non-Novell Credential Provider = On
Properties of Novell CLient --> Advanced Login --> Novell Logon = Off
Novell Client in passive mode:
Properties of Novell CLient --> Advanced Login --> Login with non-Novell Credential Provider = On
Properties of Novell CLient --> Advanced Login --> Novell Logon = Off