Old 02-Oct-2009, 06:40 PM
Cool Solutions RSS Poster
 

Configuring Novell SecureLogin LDAP to Change eDirectory and Active Directory Users' Passwords
02-Oct-2009 04:55 PM

Author: Dinesh PV

This article explains how to disable the password policies set for Active Directory and eDirectory. After you have disabled the password policies, you can configure Novell SecureLogin to change Active Directory and eDirectory users' passwords simultaneously.

Table of Contents:

1. Introduction
2. Prerequisite
3. Disabling Active Directory Password Policy Settings
4. Disabling eDirectory Password Policy Settings
5. Changing Active Directory and eDirectory User Password
5.1 Configuring Change Password Resource List to Select Both the Directories
6. Conclusion

1. Introduction

With Novell SecureLogin 7.0 installed in LDAP GINA mode, you can change the passwords of eDirectory and Active Directory users at the same time.

To use this functionality, you must either specify Active Directory and eDirectory passwords that comply with the password policy settings, or disable the password policies for both directories.

If you attempt to change the user password for both Active Directory and eDirectory when the password policies for both the directories are enabled, one of the following happens:
  • Password policies of both the directories take effect, which makes the password policy either complex or invalid.
  • Password change might fail for one of the directories because of a mismatch of the password policy.
The procedures explained in the document apply to:
  • Novell SecureLogin 7.0 or later.
  • Microsoft Windows 2003 server with Active Directory and eDirectory server 8.8 SP4.
2. Prerequisite
  • Novell SecureLogin must be installed in eDirectory LDAP GINA mode on a workstation connected to an Active Directory domain.
3. Disabling Active Directory Password Policy Settings

By default, Active Directory password policy is enabled.

To disable:
  1. Click Start > Programs > Administrative Tools > Domain Security Policy.
  2. From the left pane, select Security Settings > Account Policies > Password Policy.

  3. Change the Password Policy settings with the following values:
    Policy                                        Value
    Enforce password history                      0
    Maximum password age                          0
    Minimum password age                          0
    Minimum password length                       0
    Password must meet complexity requirements    Disabled
    Store password using reversible encryption    Disabled
  4. After you have set the value for a policy, click OK.
  5. Exit the administrative tool.
  6. Restart the Group Policy by running the gpupdate /force command from the command prompt.
4. Disabling eDirectory Password Policy Settings

By default, eDirectory password policy is disabled. If it is enabled, do the following to disable it.
  1. Log in to iManager as the eDirectory administrator user.
  2. From Roles and Tasks select Password > Password Policies.
  3. Click the configured password policy, then the Policy Assignment tab.

  4. From the Assign to list, select and remove the user or container object to which the password policy is applied.
  5. Click Apply to save your changes.
  6. Click OK to exit.
5. Changing Active Directory and eDirectory User Password
  1. Log in to Novell SecureLogin in LDAP GINA mode.
  2. Press Ctrl+Alt+Delete, then select Change Password.
  3. From the Change Password Resource list, select both the Active Directory and eDirectory domains.

  4. Specify the old password and new password.
  5. Click OK.
    Both Active Directory and eDirectory user passwords are changed at the same time.
5.1 Configuring Change Password Resource List to Select Both the Directories

To configure the Change Password Resource list to always select both Active Directory and eDirectory domains, create a registry key and set the value.
  1. Click Start > Run, then type regedit.
  2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP.
  3. Create a DWORD registry key named DisableCADUserSelection.
  4. Set the value of the registry key to 1.
6. Conclusion

Disabling Active Directory and eDirectory password policies synchronizes the password of both the directories after every LDAP password change operation.
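
To confirm that the values from section 3 are in effect after gpupdate /force, the local security policy can be exported with secedit /export /cfg and compared against that table. The Python check below is an added example, not part of the original article or of any Novell tool; the key names are those secedit writes under [System Access], the sample export is constructed, and accepting -1 for MaximumPasswordAge is an assumption about how "never expires" is exported.

```python
import configparser

# Values from the table in section 3, keyed by the names that
# `secedit /export /cfg <file>` writes under [System Access].
# Assumption: the export may show MaximumPasswordAge as -1 ("never
# expires") where the policy editor shows 0, so both are accepted.
EXPECTED = {
    "PasswordHistorySize": {0},     # Enforce password history
    "MaximumPasswordAge": {0, -1},  # Maximum password age
    "MinimumPasswordAge": {0},      # Minimum password age
    "MinimumPasswordLength": {0},   # Minimum password length
    "PasswordComplexity": {0},      # Complexity requirements: Disabled
    "ClearTextPassword": {0},       # Reversible encryption: Disabled
}

def check_policy(inf_text):
    """Return {key: found_value} for settings that differ from section 3.

    A key that is missing from the export is reported with value None.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep the key case used by secedit
    cp.read_string(inf_text.lstrip("\ufeff"))  # drop a BOM if present
    section = cp["System Access"] if cp.has_section("System Access") else {}
    mismatches = {}
    for key, allowed in EXPECTED.items():
        raw = section.get(key)
        try:
            value = int(raw) if raw is not None else None
        except ValueError:
            value = raw  # non-numeric value: report it as found
        if value not in allowed:
            mismatches[key] = value
    return mismatches

# Constructed sample export: length and complexity are still enforced,
# and ClearTextPassword is absent.
SAMPLE = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for key, found in check_policy(SAMPLE).items():
        print(f"{key}: found {found!r}, expected {sorted(EXPECTED[key])}")
```

The same check, run periodically, also flags a domain where these policies have been switched off without the change being intended.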


