I am running into an issue I am still trying to collect more info about
it. Thus I just want to see if someone can give an idea of what to look
for before I get support involved in this and too far into it.

We are a university, and as students send their application in, we set
up their accounts, so they can log into our admission system to continue
their admission process. The new accounts are created with an initial
password from a connected system that processes our admissions. They may
be created far in advance before the student enrolls or even starts
using our systems.

Until sometime in January we were using a password policy based on
Novell syntax. Then we switched to something base on Microsoft
complexity policy. We did that to accommodate password resets on the
windows workstations in our computer labs across campus.

I don't know if there is a relationship with that or not, but a lot of
those new accounts are getting disabled (loginDisabled=TRUE). I talked
to a couple of students myself, and I found out they were able to log
into User App and reset their initial password at one point. They logged
out to log back in and check their new password, and then got the
message about restricted access. It looks like their login is being
disabled upon a password reset. I know that some of those accounts have
initial passwords set under the previous password policy, so they do
violate the current policy. However, I am not enforcing the system to
verify compliance on login.

Does anybody have any thoughts on that? We are using IDM 3.6.1a and
UserApp .3.6.1(B).

celsolima's Profile: http://forums.novell.com/member.php?userid=1764
View this thread: http://forums.novell.com/showthread.php?t=407811