So if I follow Novell's official docs for "integrating" IDM 3.x with NAM
3.1, I have to use the ForgotPassword.jsf.

Okay so here's the dilemma:

When we create a user account, we assign it a password. eDir
automatically expires the password so that the user has to change it
upon next login (that's good and that's how good security SHOULD work,
IMO).

The problem:

When the user logs into NAM for the first time, they are redirected to
the IDM "forgot password" in UserApp. However, because this is their
first login, they have not answered their challenge/response questions,
so they cannot change their password.

But they cannot log in to fill out their challenge/response because
their password has expired.

So how does one work around this? Short of circumventing security
policies so that the user does NOT have to change their password when
it's expired.

Or adding a tremendous load of work on our admin staff so that they
manually pick a date for thousands of users and "hope" that the user
logs in in time to set their challenge/response before the manually set
expiration date kicks in.


--
kjhurni