Hi all,

First, I want to give some background information about the
IDM environment.

- eDirectory: Linux OES SP1, IDM 3.0 with the AD driver installed as a
Remote Loader service on a Windows 2003 Server.

There is an existing password policy running on the Windows server.

- password lifetime = 180 days
- password length = 8 characters
- must use upper and lower case and one digit


I also created a password policy for the Universal Password in
eDirectory, which is "nearly" the same as on the Windows server.
Users exist in Active Directory and in eDirectory. Passwords are
synchronized in both directions! But I need the following restrictions:

- Users are created in Active Directory!
- Some users only log on with the Novell Client and connect to
eDirectory, while other users need to log on with their workstation to
Active Directory and eDirectory. Their workstation is a member of the
domain.
- The first time a user is created in Active Directory, an initial
password is set and the user object is synchronized to eDirectory. The
idea is that users must change their password the first time they log in
to eDirectory. To get this running I use the global setting "Publish
Password to NDS".
- Now, when this user logs in to the Windows domain from his workstation
and changes his password, every time he logs in to eDirectory the password
is expired and the user has to change his password again.
- When I deactivate the global setting "Publish Password to NDS", the
password is synchronized to eDirectory and the password does not expire,
but the user will also be able to log in to eDirectory without changing
his password the first time he logs in. So I cannot force a password
change the first time the user logs in to eDirectory.

Is there a way to get this running:


- Create a user in Active Directory ==> synchronize the user to
eDirectory.
- The first time the user logs on to eDirectory, the user needs to
change his password.
- When the user changes his password while he is logged in to the Windows
domain (CTRL-ALT-DELETE), the next time he logs in to eDirectory his
password will not expire.


I'd appreciate any information one could give me.
Dirk


--
dleese