We have a situation where we have a need to Authenticate all users
through
BM either by SSL or CLNTRUST.

The problem is there are approx 300 users who roam the offices and do
NOT
login to the NDS, hence they have no corresponding NDS usernames.

We have no issues importing them into the NDS, however they need to
have
password expiry as part of the corporate policy.

What happens is these users login via SSL, and if their password is
expired
you get a generic Authentication Failed errror from BM. They have no
idea
(or method!) of changing their password.

Is there a way around this (without using Generic accounts) so that
the
users get a message saying Expired Password and have some method of
changing
the password via the browser??

Surely others have a situation like this??

Could you modify the BM pages to include a javascipt to change
password via
LDAP?