I'm setting up IDM 3.5.1 in a test environment. We are looking at using
it to sync users/passwords from eDirectory over to a new AD tree.

So far, all my syncing seems to be working, as users are showing up in
AD and are able to log in. But I'm having an issue with getting
Universal Password set up and enforcing complexity.

I have set up a password policy with Universal Password turned on and the
following options:

Universal Password Options
  Enable Universal Password: true
  Enable the Advanced Password Rules: true
  Synchronize NDS password when setting Universal Password: true
  Synchronize Simple Password when setting Universal Password: false
  Allow user to retrieve password: true
  Allow admin to retrieve passwords: true
  Synchronize Distribution Password when setting Universal Password: true
  Allow the following to retrieve passwords: admin.test
  Verify whether existing passwords comply with the password policy
    (verification occurs on login): true

Rules
  Allow user to initiate password change: true
  Do not expire the user's password when the administrator sets the
    password: false
  Require unique passwords: true
  Number of days before password expires: 1
  Limit the number of grace logins allowed: 2
  Minimum number of characters in password: 4
  Maximum number of characters in password: 12
  Allow numeric characters in password: true
  Disallow numeric as first character: false
  Disallow numeric as last character: false
  Minimum number of numerals in password: 1
  Allow the password to be case sensitive: true
  Allow non-alphanumeric characters in the password: true
  Disallow non-alphanumeric character as first character: false
  Disallow non-alphanumeric character as last character: false
  Minimum number of non-alphanumeric characters: 1
  Allow non-US ASCII characters: false

Forgotten Password
  Enabled: true
  Challenge Set: Challenge Set1
  Action: Change Password

Policy Assignments: testou.test

Yet, when a user logs in using Novell Client, they are not being asked to
change their password if their current password doesn’t meet the above
complexity. Also, if I have the user change their password manually,
the complexity is not enforced then either. I also have Universal
Password Enforcement turned on at the testou.test level (in iManager,
under NMAS).

The user was asked to complete the challenge set that is part of this policy
during login, so it seems to be taking at least partial effect.

I think this is the last piece of the puzzle for our IDM setup. If we
can get complex passwords enabled and syncing, we should be good to go.


--
jarrodholder