Ctrl, Alt, Del, Change Password does not change eDir password through CLE - SSPR integration

  • 7016194
  • 13-Feb-2015
  • 30-Nov-2020

Environment

Self Service Password Reset
SSPR 3.2
Client Login Extension
CLE 3.8
CLE configured for SSPR integration
eDirectory environment
Novell Client installed on workstations
 

Situation

eDirectory password is not changed with Ctrl, Alt Del change password using CLE integrated with SSPR.
Ctrl, Alt, Del change password does not change eDir password if CLE is configured for SSPR integration.
Behavior is the same regardless of whether Novell Client installed in "active" (default) or "passsive" mode.

Resolution

Working as designed. 
CLE's SSPR integration features only work with Active Directory.  The CLE / SSPR integration is not supported with the Novell Client. 

The CLE - SSPR Integration features include the following:  
1. Force User for C/R responses
2. Password expiration warning
3. CTRL+ALT+DEL change password
4. Emergency Access

These features are only supported in an AD environment.


Workaround for eDir environments without the Novell Client: 

Synchronize user names and passwords between AD and eDir.  This can be done with IDM or manually.  The key is that the same userid and password must be used in both AD and eDirectory.  The reasoning behind this is that when logging into the workstation without the Novell client then there is no eDirectory login. Thus CLE is only aware of the AD credentials. It will perform all operations based upon the userid and password it receives from the Windows logon. If the user information is not sync’d then CLE will query the SSPR server and the SSPR server will be unable to locate the user object.


 


Additional Information

For more on configuring CLE for SSPR integration see TID 7015897

Novell Client in passive mode:
  Properties of Novell CLient --> Advanced Login --> Login with non-Novell Credential Provider = On
  Properties of Novell CLient --> Advanced Login --> Novell Logon = Off